Microsoft has launched a bug bounty programme in a bid to fix software vulnerabilities in the wake of the downsizing of its Trustworthy Computing department.
The scheme covers Office365, Outlook, the messenger Lync and the collaboration tool Sharepoint, with rewards beginning at $500 and increasing based on the bug’s severity.
Travis Rhodes, senior security lead for Office365, said: ""We take it seriously that you trust us with your data, and this programme is part of our investment in continually improving the security of our services."
Eligible submissions include cross site scripting (XSS) that allows hackers to inject code into webpages, authentication flaws, and privilege escalation that lets attackers to grant themselves extra powers in a given system.
Isolated URL redirects, web app bugs in unsupported browsers and denial of service issues will not be rewarded by the scheme.
Participants must be at least 14 years old and unaffiliated to Microsoft, with rewards handed out only to the first to submit a given bug.
Residents of states currently under sanction by the US such as Cuba, Iran and Syria are not allowed to enter the scheme, presumably for legal or security reasons.