Microsoft rolls out Identity Bounty Program, offering up to USD 100k

Monday 23 July 2018 10:54 CET | News

Microsoft has created a bug bounty program called the Identity Bounty Program, focusing on customer security.

The program will offer payouts ranging from USD 500 to USD 100,000 for discovering security vulnerabilities in identity services.

Microsoft has invested in the creation, implementation, and improvement of identity-related specifications. These foster strong authentication, secure sign-on, sessions, API security, and other critical infrastructure tasks, that are part of the community of standards experts within official standards bodies such as IETF, W3C, or the OpenID Foundation.

The Identity Bounty Program offers security researchers an opportunity to disclose vulnerabilities in identity services privately to Microsoft, allowing them to resolve the issue before publishing any technical details. Moreover, the bounty will be extended to certain implementations of selected OpenID standards.

In order to become eligible, participants need to fulfil criteria such as identify an original and previously unreported vulnerability in listed OpenID standards, the impact of the vulnerability, and more.

Free Headlines in your E-mail

Every day we send out a free e-mail with the most important headlines of the last 24 hours.

Subscribe now

Keywords: Microsoft, digital identity, Identity Bounty Program, strong authentication, sign-on sessions, API security, OpenID
Countries: World

Industry Events