Microsoft has expanded its bug bounty program to include OneDrive.

The change, announced in this brief post on Redmond's security blog, means researchers will be paid between US$500 and $15,000 for confirmed vulnerabilities.

Microsoft's bounty-hunter rules ban attempts to grab user credentials (for example via social engineering or phishing), and researchers with any sense already know not to launch attacks against Microsoft infrastructure or services once they've found a vulnerability.

Redmond first joined the list of vendors offering bug bounties at Black Hat in 2013.

In 2015, it added bounties to help it harden Windows 10; bounty rewards for some products were boosted last August (RemoteApp was added to the program at the same time; and ASP.NET and .NET Core got their own bounties in October 2015. ®