Microsoft launches Bug Bounty Program for Office Insider Builds on Windows
Office Insiders on Windows are being called into action to improve Microsoft Office. The MSRC Team posted an announcement today that they have launched a new Bug Bounty Program. This initiative is an attempt to get Office Insiders involved in developing a more secure and efficient Office, similar to other programs before it.
Inside the Bug Bounty Program, users will be able to hunt down bugs in early access Office builds and get awarded rather large sums of payout. In fact, Microsoft is offering qualifying contributions a minimum of $500 up to $15,000 USD. It even seems like a competition in some regards considering Microsoft will be awarding the bounty to the first eligible submission received.
What qualifies as an “eligible submission”? Microsoft has conveniently listed that off for us:
- Identify an original and previously unreported vulnerability in the current Office Insider build on a fully patched Windows 10 Desktop
- The vulnerability must reproduce on the most recent Office Insider slow build to qualify for a bounty (If a submission reproduces in a previous Office Insider slow build but not the current Office slow build available at the time of your submission, then the submission is ineligible)
- Include concise reproducibility steps that are easily understood. (This allows submissions to be processed as quickly as possible and supports the highest payment for the type of vulnerability being reported.)
- Include the Office version number and slow build number on which the vulnerability reproduces (To find the number, go to File -> Account -> Office update (version and build number) )
Further reading: Bug Bounty Program, Microsoft, Office Insider