Date: 2024-12-02

The program will offer payouts ranging from USD 500 to USD 100,000 for discovering security vulnerabilities in identity services.

Microsoft has invested in the creation, implementation, and improvement of identity-related specifications that foster strong authentication, secure sign-on, sessions, API security, and other critical infrastructure tasks, as part of the community of standards experts within official standards bodies such as the IETF, W3C, or the OpenID Foundation.

The Identity Bounty Program offers security researchers an opportunity to disclose vulnerabilities in identity services privately to Microsoft, allowing the company to resolve the issue before any technical details are published. Moreover, the bounty will be extended to certain implementations of selected OpenID standards.

To become eligible, participants need to fulfil criteria relating to, among other things, the identification of an original and previously unreported vulnerability in the listed OpenID standards and the impact of the vulnerability.