Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community
Collaborating with the security community for stronger identities
Published Oct 03 2018 02:33 PM 23.7K Views
Microsoft
First published on CloudBlogs on Jul 23, 2018 (reposted due to incorrect byline)
 
Hey there! Alex Weinert from the Microsoft Identity Division’s Security and Protection team here. I wanted to take a moment to highlight a big power-up to the Microsoft Identity Bounty Program! The program is all about inviting the security research community to help us identify existing or emerging threats that could harm our users. We previewed some exciting enhancements to the program at the Identiverse conference a few weeks ago and formally announced them July 19, 2018 . Here are the key enhancements:
  1. Identity standards bounties —Building a great security story with identity as the control plane requires fantastic standards-based interoperability. OAuth 2.0, Open ID Connect, and FIDO 2.0 (among others) all play a huge role in making this happen. To ensure key identity standards are as secure as they can be from day one, we are paying a bounty on select ratified standards, starting today with the Open ID Connect family of specifications, developed at the OpenID Foundation .
  2. Sensitive user data bounties —You’ve seen the headlines—OAuth consent and data extraction incidents are on the rise. Because of our deep commitment to user privacy and enterprise data confidentiality, we are paying bounties on collections of inappropriately shared sensitive user data (this adds to our existing bounties on vulnerabilities that expose this data).
  3. Increased bounties —In recognition of the critical role cloud identity plays in your security strategy, we are substantially increasing the bounties we pay on vulnerabilities in our identity systems—up to $100,000 in some cases.
Learn about the specifics on our Microsoft Identity Bounty Program website. This is our invitation to the best and brightest security minds to join us in our mission of protecting nearly 1 billion identities that use the Microsoft Identity platform to log in to the services and apps they love every day. Happy hunting!
Thanks, Alex Weinert 
Version history
Last update:
‎May 11 2021 02:00 PM
Updated by: