Many companies now implement bug bounty programs to encourage the community to find security vulnerabilities in software and privately report them to developers before hackers exploit them.
Many companies now run bug bounty programs to encourage the community to find security vulnerabilities in their software and report them privately to developers before hackers exploit them. Now, Microsoft has announced a major update to its .NET Bug Bounty Program , with rewards ranging from $7,000 to $40,000 for valuable discoveries.
Details of the "huge" bonus
The maximum $40,000 is only available for reporting remote code execution (RCE) or elevation of privilege (EoP) vulnerabilities rated "Critical" with full documentation. Here is the detailed classification table:
Extended scope of application
The program focuses on .NET, ASP.NET Core (including Blazor, Aspire), supported .NET Framework versions, included templates, GitHub Actions in the source code repository, and related technologies like F# .
Microsoft also clarified the criteria for assessing vulnerability severity and the definition of a "full" report. For more details, see Microsoft's official blog .
Do you have security skills? This could be a money-making opportunity if you discover a serious bug in the .NET platform!
You've just finished reading the article "Microsoft is willing to pay up to $40,000 to anyone who discovers a vulnerability in .NET" edited by the TipsMake team. We hope this article has provided you with many useful tech tips and tricks. You can search for similar articles on tips and guides. Thank you for reading and for following us regularly.