HomeWinBuzzer NewsMicrosoft Offering $30,000 Bug Bounty Reward for Office 365 Flaw Submissions

Microsoft Offering $30,000 Bug Bounty Reward for Office 365 Flaw Submissions

The company has doubled the minimum and maximum pay-outs of its Bug Bounty program for Office 365. Researcher can now receive up to $30,000 for finding vulnerabilities across several Office 365 online services.


Researchers who find flaws in core applications are going to get an increased reward through the next three months. The company has expanded the pay-out for its Bug Bounty rewards for Office 365. Running between March 1 and May 1, researchers can now get up to $30,000 for finding vulnerabilities.

Under normal circumstances, reported flaws are eligible for a minimum pay-out of US$500 and a maximum pay-out of US$15,000. However, Microsoft is running a special offer for eligible vulnerability submissions. For specific Office 365 apps, the company has doubled the minimum (US$1000) and maximum (US$30,000) pay-outs.

As always, the company points out that Bug Bounty discoveries are paid out at Microsoft's discretion. The level of payment is based on the potential threat and impact of the flaw detected.

Microsoft says the extended reward Bug Bounty is for vulnerabilities found in the following Office 365 apps:

  • office.com
  • office365.com
  • office.com
  • *.
  • com

“Securing Exchange Online, Microsoft's hosted enterprise email solution, is vital to customer security as it is the gateway to accessing critical user information such as email, calendars, contacts and tasks for any endpoint device,” wrote Akila Srinivasan and Travis Rhodes of the Microsoft Security Response Center.

Bug Bounty Program

Microsoft launched its first phase Bug Bounty in September 2014. The initial program was for Microsoft Online Services. Since then the company has expanded the program across Azure (April 2015) and Office 365 (August 2015). In September, 2016, the Bug Bounty also extended to the Microsoft Edge Insider Program.

The concept of the program is allowing researchers to gain rewards for finding flaws in Microsoft services. By offering a reward, Microsoft gives researchers and incentive to find vulnerabilities and report them.

Luke Jones
Luke Jones
Luke has been writing about all things tech for more than five years. He is following Microsoft closely to bring you the latest news about Windows, Office, Azure, Skype, HoloLens and all the rest of their products.

Recent News