The Microsoft Online Services Bug Bounty program has doubled the maximum payment for vulnerabilities found on the company’s Microsoft Office 365 Portal and Microsoft Exchange Online.
Any vulnerabilities submitted between March 1 and May 1, 2017 will be eligible for a maximum payout of $30,000 for any submission that meets Microsoft’s criteria. The specific domains include:
“Generally, bounties will be paid for significant web application vulnerabilities found in eligible online service domains,” Microsoft said in a statement, adding any payout is entirely at the company’s discretion.
In 2016 millions of Microsoft Office 365 users were potentially exposed to a massive zero-day Cerber ransomware attack. Microsoft reported in its first quarter 2016 earnings report that there were 18.2 million Office 365 subscribers.
“Microsoft Office 365 is now the number one target in town and the one-stop-shop for today’s cyber outlaws. Rising bounties is clearly market dynamics, looking to tip the odds in white hat focus and behavior, said Steve Malone, Mimecast’s director of security product management.