"Microsoft Launches Defender Bug Bounty Program"

Microsoft has recently launched another bug bounty program, this time with the goal of making its Microsoft Defender-branded products and services more resilient to attack. The Microsoft Defender Bounty Program will offer ethical hackers between $500 and $20,000 for significant vulnerabilities that have a direct and demonstrable impact on the security of its customers. Microsoft noted that the largest sum for a novel vulnerability will go to researchers able to find critical remote code execution bugs and deliver a high-quality report. In-scope vulnerabilities include cross-site scripting, cross-site request forgery, server-side request forgery, cross-tenant data tampering or access, and injection vulnerabilities. The program will currently cover only Microsoft Defender for Endpoint Public APIs, but it’s expected to be expanded to other offerings over time.

 

Infosecurity reports: "Microsoft Launches Defender Bug Bounty Program"

Submitted by Adam Ekwall on