Microsoft is today calling on Office Insider Program members on the Windows platform to improve Office. The company announced that it has launched a Bug Bounty Program for the productivity service. This is only for users of the suite on the company's own Windows 10 platform. The MSRC Team says it wants to get Insiders more involved. The Office Insider Program already lets users provide feedback on preview features and builds. However, Microsoft wants more customer input. The Bug Bounty Program will allow users to get rewards for finding flaws in Office. Of course, the aim is to make Office as secure as possible. Like Microsoft's previous bounty programs, the Office version allows users to hunt for problems in the suite. As normal, the company is offering substantial money for zero-day vulnerabilities that are found. Qualifying contributions can get a minimum of $500 and maximum of $15,000, depending on factors. Of course, understanding what is an eligible submission is important, so Microsoft has detailed the criteria:
- Identify an original and previously unreported vulnerability in the current Office Insider build on a fully patched Windows 10 Desktop
- The vulnerability must reproduce on the most recent Office Insider slow build to qualify for a bounty (If a submission reproduces in a previous Office Insider slow build but not the current Office slow build available at the time of your submission, then the submission is ineligible)
- Include concise reproducibility steps that are easily understood. (This allows submissions to be processed as quickly as possible and supports the highest payment for the type of vulnerability being reported.)
- Include the Office version number and slow build number on which the vulnerability reproduces (To find the number, go to File -> Account -> Office update (version and build number)
