Microsoft will pay up to $15,000 for Office Insider vulnerabilities

Computer bug

Microsoft wants to make Office more secure, so it has announced a bug bounty program for Office Insiders to catch vulnerabilities before shipping a public release.

The bug bounty program targets the Windows version of Office on the Slow ring and features rewards of up to $15,000, but for "certain submissions" -- presumably highly-critical security holes -- the software giant says that researchers can expected to be paid more.

The minimum reward is $500, so even if researchers have not found a critical vulnerability they will still get paid for their efforts. Microsoft will pay more than $15,000 at its "sole discretion."

To qualify, Microsoft says that the vulnerability must be previously unreported and unknown and discovered in the latest Office Insider build that's on the Slow ring, running on an up-to-date version of Windows 10.

The top rewards are granted for a high-quality report for elevation of privilege via Office Protected View sandbox escape and macro execution by bypassing security policies that block macros in Excel, PowerPoint and Word. A low-quality report, in either case, will only net a researcher up to $9,000.

You can find more information about the bug bounty program by clicking on the link in the fourth paragraph. It is worth noting that the program started on March 15 and will end on June 15, this year.

Photo Credit:

© 1998-2019 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.