Introducing Bounty Awards for Teams Desktop Client Security Research

Partnering with the security research community is an important part of Microsoft’s holistic approach to defending against security threats. As much of the world has shifted to working from home in the last year, Microsoft Teams has enabled people to stay connected, organized, and collaborate remotely. Microsoft and security researchers across the planet continue to partner to help secure customers and the technologies we use for remote collaboration.

Today, we are excited to expand our partnership with the research community and introduce bounty awards for Teams desktop client security research under the new Microsoft Applications Bounty Program, which includes awards up to $30,000. The Teams desktop client is the first in-scope application under the new Apps Bounty Program, we look forward to sharing updates as we bring additional apps into this bounty program scope.

  • Scenario-Based Bounty Awards: This new program includes 5 scenario-based awards for vulnerabilities that have the highest potential impact on customer privacy and security. Rewards for these scenarios range from $6,000 to $30,000 USD.
  • General Bounty Awards: In addition, we offer bounty awards for other valid vulnerability reports for the Teams desktop client that do not qualify for the scenario-based awards. Rewards for these reports range from $500 to $15,000 USD.
  • Teams Online: Submissions for Teams online services will continue to be awarded under the Online Services Bounty Program.
  • Researcher Recognition Program Points: Valid reports for Microsoft Teams research are now eligible for a 2x bonus multiplier under the Researcher Recognition Program. Points earned contribute toward your eligibility for the annual MSRC Most Valuable Security Researcher list.

We value our partnership with the global security research community and are excited to continue working with you through this new bounty program. If you have any questions about this new program or any other security research incentive program, please email us at bounty@microsoft.com.

Lynn Miyashita, Program Manager, MSRC