Microsoft has long offered hackers and researchers payouts for locating bugs, vulnerabilities and exploits in its products. These have normally been focused on installable, locally executed applications. But, with increasing usage of Microsoft's Cloud-based products, the company is unveiling its first Bug Bounty program for online services.
The program, "Online Services Bug Bounty," is commencing with Office 365 online services as the initial emphasis, including outlook.com, office365.com, sharepoint.com, yammer.com, and windows.net, among other URL deviations.
The program is for anyone 14 years of age or older and the payout is a minimum of $500 USD for eligible and qualified submissions. Microsoft provides a list of eligible submissions that include vulnerabilities like cross site scripting, injection flaws, privilege escalation, cross site requires forgery, and others, and it also provides a list of submissions it will not accept.
Full program information can be found on the terms page: Online Services Bug Bounty Terms
