Google is famous for paying bounties in exchange for third party discovery of vulnerabilities in their products, and Microsoft has occasionally done the same in the past. Now the latter company has instituted a new program, outlined in the Security TechCenter on the TechNet web site, which will pay a minimum of $500 USD for security bugs in Office 365, Yammer, and other online services.
Read the terms and find out how to participate here: