Microsoft Launches Bug Bounty Program for Dynamics 365

Microsoft has recently launched a bug bounty program for Microsoft Dynamics 365, with the top payment reaching $20,000.

Because the number of Microsoft bug bounties keeps growing, the software giant has decided to group all such programs in three different categories called Cloud Bounty Program, Microsoft Identity Bounty Program, and Azure DevOps Bounty Programs.

Microsoft Dynamics 365 is included in the Cloud Bounty Program.

As per the official rules published here, a Remote Code Execution flaw is worth between $5,000 with an Important severity rating and $20,000 if the Critical flag is assigned. Only a high-quality report is eligible for the maximum payment.

On the other hand, Elevation of Privilege bugs are worth between $1,000 and $8,000, while Information Disclosure high-quality reports can reach $8,000 as well. The lowest amount you can get for spoofing and tampering issues is $500. Microsoft does not accept denial of service bug reports.

“Microsoft is happy to receive and review every submission on a case-by-case basis, but some submission and vulnerability types may not qualify for bounty rewards,” the software giant explains.

High-quality reports

As for high-quality reports, the company provides some specific guidelines to assist security researches who come across issues that could be eligible for the top payment.

“A high-quality report provides the information necessary for an engineer to quickly reproduce, understand, and fix the issue. This typically includes a concise write up or video containing any required background information, a description of the bug, and a proof of concept (PoC). Sample high- and low-quality reports are available here,” it says on the page linked above.

“We recognize some issues are extremely difficult to reproduce and understand and will take this into considered when assessing the quality of a submission.”

You can read the full guidelines on the link in this article, and check the box after the jump for the full list of awards as part of this bounty program.

Leave a Reply

Your email address will not be published. Required fields are marked *