Microsoft announced that researchers may claim up to $30,000 in rewards by examining its Teams desktop application for security vulnerabilities, in a bid to show its dedication to securing user data, according to Threatpost. The new Apps Bounty Program will offer the maximum reward for discovery of “vulnerabilities that have the highest potential impact on customer privacy and security,” and lower rewards according to a five-tier system. The company will also offer between $500 and $15,000 for general bounties, while exceptional bug hunters may become eligible for entry into the yearly MSRC Most Valuable Security Researcher list or inclusion into Microsoft’s Researcher Recognition Program, said program manager Lynn Miyashita. Participants are to submit their uncovered online vulnerabilities through the Online Services Program. Microsoft’s Teams has recently been the target of phishing scams and a malware campaign using fake Teams updates, prompting the company to launch the program to garner brand support. A recent survey found that tech vendors who show a proactive approach to security, including hosting bug-bounty programs, are the preferred option for 75% of IT professionals.
Jill Aitoro is senior vice president of content strategy for CyberRisk Alliance. She has more than 20 years of experience editing and reporting on technology, business and policy. Prior to joining CRA, she worked at Sightline Media as editor of Defense News and executive editor of the Business-to-Government Group. She previously worked at Washington Business Journal and Nextgov, covering federal technology, contracting and policy, as well as CMP Media’s VARBusiness and CRN and Penton Media’s iSeries News.
Google Cloud recently introduced Community Security Analytics (CSA), a set of open-sourced queries and rules for self-service security analytics geared toward helping security teams detect common cloud-based threats.