Microsoft 11804 Published by

Expands bug bounty programme to include ream of new services



From V3:
The expansion means bug hunters that spot flaws that could be used for cross-site scripting (XSS), cross-site request forgery (CSRF), cross-tenant data tampering, insecure direct object references, remote code injection, server-side code execution, privilege escalation, and security misconfigurations will receive a minimum payment of $500.

Researchers looking for payment will have to follow Microsoft's ethical testing guidelines and will be prohibited from several practices.
  Microsoft offers cash for Outlook, Office365, SharePoint, and Yammer bugs