Microsoft believes that security researchers play an integral role in the ecosystem by discovering vulnerabilities missed in the software development process. The Microsoft Bug Bounty program allows security researchers to get rewarded for their work. It covers various Microsoft products and services, including Azure, Microsoft 365, Xbox, Microsoft Identity, .NET and several more.
Today, Microsoft announced the launch of a bug bounty program to find vulnerabilities in Bing. The following are examples of vulnerabilities you can report and get rewarded for.
- Cross-site scripting (XSS)
- Cross-site request forgery (CSRF)
- Cross-tenant data tampering or access
- Insecure direct object references
- Insecure deserialization
- Injection vulnerabilities
- Server-side code execution
- Significant security misconfiguration (when not caused by the user)
- Using a component with known vulnerabilities
  - Requires a full proof of concept (PoC) of exploitability. For example, simply identifying an out-of-date library would not qualify for an award.
You can find more information on this page.