Digital identity is often the key to accessing enterprise applications and services across the internet. To protect the digital identities of its customers, Microsoft has invested heavily in the security of its consumer (Microsoft Account) and enterprise (Azure Active Directory) identity solutions. To improve the security of its identity solutions, Microsoft yesterday announced the new Identity Bounty Program. As part of this program, security researchers can get payouts ranging from $500 to $100,000.
If you are a security researcher and have discovered a security vulnerability in the Identity services, you can disclose it to Microsoft privately and giving them an opportunity to fix it before publishing technical details and get rewarded for the same. Microsoft is also extending its bounty to cover those certified implementations of select OpenID standards.
Find more details about this program here.