Microsoft today launched a new bug bounty program for bug hunters and researchers finding security vulnerabilities in its "identity services."
Hacking into networks and stealing data have become common and easier than ever but not all data holds the same business value or carries the same risk.
Since new security today depends on the collaborative communication of identities and identity data within, and across domains, digital identities of customers are usually the key to accessing services and interacting across the Internet.
Microsoft said the company has heavily invested in the "creation, implementation, and improvement of identity-related specifications" that encourage "strong authentication, secure sign-on, sessions, API security, and other critical infrastructure tasks."
Therefore, to further bolster its customers' security, the tech giant has launched an all-new, and independent bug bounty program.
Dubbed Microsoft Identity Bounty Program, the newly-launched bug bounty program covers Microsoft Account and Azure Active Directory identity solutions, as well as some implementations of the OpenID specifications.
The payouts for the new Microsoft Identity Bounty Program range from $500 to $100,000, depending upon the impact of security researchers and bug hunters find.
"If you are a security researcher and have discovered a security vulnerability in the Identity services, we appreciate your help in disclosing it to us privately and giving us an opportunity to fix it before publishing technical details," wrote Phillip Misner, Principal Security Group Manager.
"Submissions for standards protocol or implementation bounties need to be with a fully ratified identity standard in the scope of this bounty and have discovered a security vulnerability with the protocol implemented in our certified products, services, or libraries."
Microsoft's Identity Bounty Program
If you want to take part in the Microsoft Identity Bounty program, you'll need to offer high-quality submissions that reflect the research that you put into your finding, and share your knowledge and expertise with Microsoft developers and engineers, so they can quickly reproduce, understand, and fix the issue.
Visit the source link for more info.
Source: TheHackerNews
No comments:
Post a Comment