Microsoft adding OneDrive to their bounty program

Next story

Microsoft recently announced that it is adding OneDrive to its bug bounty program; if you’ve got the knowhow you could earn $500 - $15,000 in payouts.

Microsoft launched their Microsoft Online Services Bug Bounty Program back in 2014, starting with Office 365. It offers the technically minded a chance to help Microsoft improve the security of their services for money.

Microsoft have now added OneDrive to the bounty. Not a bad idea considering that OneDrive comes bundled with Windows 10 and is their offering in the already crowded cloud-storage arena.

If you’ve got the knowledge and talent to find and demonstrate an exploit in OneDrive, or Office 365, you could earn yourself $500 - $15,000 depending on the severity of the bug, how easy it is to execute and a few other factors.

This isn’t the first bug bounty that we’ve covered by any means: earlier this year General Motors launched their own bounty program and League of Legends found their bounty system to be a huge success.


A safer place for everyone


Mark James, ESET IT Security Specialist, explains why a bug bounty makes perfect sense in almost any situation, even to a company as large as Microsoft.

“With the ever expanding world of data on the move and people wanting to access their files wherever they are, if you’re going to provide a store for your users business files or private data in the cloud then security has to be top of the list.

“Microsoft have many resources available to them but they are fully aware of the wealth of experience available to rent and it stands to reason they should be using some of that.

“They are fully aware how much of a target online file storage is and it makes perfect sense to include OneDrive into their Bounty programs to make it a safer place for everyone to use.

“In theory the security of the product should only get better, you only have a finite amount of resource for testing or finding faults so it makes sense to utilise all the expertise that’s available.

“It’s not a statement that the product is any less secure than any other product they produce and if anything it shows they are serious about making it even more secure.”

Have you ever participated in a bug bounty?

Join the ESET UK LinkedIn Group and stay up to date with the blog. If you’re interested in seeing where ESET has been featured in the news then check out our ‘In the news’ section.