Money for Bugs: Office 365 Added to Microsoft's Bounty Program

Money for Bugs: Office 365 Added to Microsoft's Bounty Program

Microsoft has long offered hackers and researchers payouts for locating bugs, vulnerabilities and exploits in its products. These have normally been focused on installable, locally executed applications. But, with increasing usage of Microsoft's Cloud-based products, the company is unveiling its first Bug Bounty program for online services.

The program, "Online Services Bug Bounty," is commencing with Office 365 online services as the initial emphasis, including,,,, and, among other URL deviations.

The program is for anyone 14 years of age or older and the payout is a minimum of $500 USD for eligible and qualified submissions. Microsoft provides a list of eligible submissions that include vulnerabilities like cross site scripting, injection flaws, privilege escalation, cross site requires forgery, and others, and it also provides a list of submissions it will not accept.

Full program information can be found on the terms page: Online Services Bug Bounty Terms

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.