Microsoft Seeks Your Hidden Treasures

Feeling the pinch after taking off on the high seas for your summer holiday? Well, fear not – Microsoft is giving you the opportunity to turn those buried treasures in your security expertise into solid gold.

The company has launched its new ‘Identity Bounty’ program, which along with explaining our terrible use of pirate puns, could make you a pretty penny.

Phillip Misner, who holds the catchy title of principal security group manager of the Microsoft Security Response Center, said: “Microsoft has invested heavily in the security and privacy of both our consumer (Microsoft Account) and enterprise (Azure Active Directory) identity solutions.

“We have strongly invested in the creation, implementation, and improvement of identity-related specifications that foster strong authentication, secure sign-on sessions, API security, and other critical infrastructure tasks, as part of the community of standards experts within official standards bodies such as IETF, W3C, or the OpenID Foundation.

“In recognition of that strong commitment to our customer’s security we are launching the Microsoft Identity Bounty Program.”

So where do you come in? Well, if you are a security researcher who discovers a security vulnerability in the Identity services, Microsoft wants you to tell them first and give them a chance to fix it, before spreading the news over the internet.

Of course, this means they can tweak and hone their products and make them more appealing, but it also saves them from a raft of embarrassment or legal costs if something goes awry in the meantime.

However, as we know, no pirate carries out such a task without a little incentive. So what is Microsoft offering?

Well, a payout of between $500 to $100,000, depending on the vulnerability. Misner wishes his new recruits “happy hunting,” but will you become part of the crew?

What’s Hot on Infosecurity Magazine?