What all the programme covers
As mentioned above, the Teams desktop client is the first under the company’s new Apps Bounty Program. It, however, does not include Teams’ native mobile apps for Apple iOS and Android as well as for desktop browsers. The scope right now covers:
Scenario-Based Bounty Awards: This new program includes 5 scenario-based awards for vulnerabilities that have the highest potential impact on customer privacy and security. Rewards for these scenarios range from $6,000 to $30,000.
General Bounty Awards: In addition, we offer bounty awards for other valid vulnerability reports for the Teams desktop client that do not qualify for the scenario-based awards. Rewards for these reports range from $500 to $15,000.
Teams Online: Submissions for Teams online services will continue to be awarded under the Online Services Bounty Program.
Researcher Recognition Program Points: Valid reports for Microsoft Teams research are now eligible for a 2x bonus multiplier under the Researcher Recognition Program. Points earned contribute toward your eligibility for the annual MSRC Most Valuable Security Researcher list.
Zoom bug bounty program
Microsoft Teams rival Zoom revamped its own bug bounty program with Luta Security in April 2020. The Luta Security founder helped set up bug bounty programs for Microsoft, Symantec and the Pentagon. Zoom previously had a bug bounty program on the HackerOne platform.