The company has also published rules of engagement for hackers, including immediate contact if customer or Microsoft data is discovered, and a list of out-of-scope activities such as denial of service testing and phishing attacks. The goal of the program is not just to find vulnerabilities, but to foster partnerships between the Microsoft Security Response Center, product teams, and external researchers, ultimately leading to more secure cloud and AI services.
Key takeaways:
- Microsoft has launched a new bug bounty scheme called Zero Day Quest, challenging hackers to find vulnerabilities in its systems.
- The Zero Day Quest is designed to incentivize research of the highest impact, with a total of $4 million in potential rewards.
- The program focuses on vulnerabilities impacting cloud and AI, and participants can qualify for a place in an onsite hacking event at Microsoft's headquarters in 2025.
- Microsoft has published rules of engagement for the program, including restrictions on gaining access to data that is not wholly owned by the participant, moving beyond proof of concept, and performing automated testing that generates significant amounts of traffic.