Microsoft Expands .NET Bounty Program, Offering Researchers Up to $40,000 in Rewards

Microsoft has unveiled significant enhancements to its .NET Bounty Program, substantially increasing reward amounts and expanding the program’s scope to better incentivize security researchers.

The updated program now offers awards up to USD 40,000 for critical vulnerabilities affecting .NET, ASP.NET Core, Blazor, and Aspire frameworks, representing a major commitment to strengthening ecosystem security through community collaboration.

Expanded Program Coverage Across .NET Ecosystem

The enhanced bounty program significantly broadens its coverage to encompass a more comprehensive range of Microsoft’s .NET technologies.

The expanded scope now includes all supported versions of .NET and ASP.NET, adjacent technologies such as F#, supported versions of ASP.NET Core for .NET Framework, and templates provided with supported .NET and ASP.NET Core versions.

Additionally, the program now covers GitHub Actions within the .NET and ASP.NET Core repositories, ensuring continuous security review across the entire development pipeline.

This expansion reflects Microsoft’s recognition of the interconnected nature of modern development frameworks and the need for holistic security assessment.

Restructured Reward System

Microsoft has implemented a streamlined award structure that categorizes vulnerabilities by severity levels and impact types.

The new system distinguishes between “complete” and “not complete” submissions, with complete reports requiring fully functional exploits to qualify for maximum awards.

Critical security impacts such as Remote Code Execution (RCE) now command the highest rewards, with complete submissions earning $40,000 for critical severity and $30,000 for important severity vulnerabilities.

Other categories include Elevation of Privilege, Security Feature Bypass, Remote Denial of Service, and various information disclosure vulnerabilities, each with corresponding reward tiers based on exploitability and potential impact.

Enhanced Security Incentives Drive Community Engagement

The award restructuring introduces a transparent evaluation framework that aligns with other Microsoft bounty programs, helping researchers better understand assessment criteria.

Theoretical vulnerability scenarios remain eligible for rewards but receive lower compensation based on practical implementation feasibility.

The program specifically targets security impacts including spoofing and tampering, as well as documentation vulnerabilities that could encourage insecure coding practices.

Remote Code Execution vulnerabilities represent the highest-value discoveries, reflecting their potential for significant system compromise and data breach scenarios.

These comprehensive updates demonstrate Microsoft’s continued investment in community-driven security research, acknowledging that collaborative vulnerability discovery is essential for maintaining robust defenses against evolving cyber threats.

The enhanced .NET Bounty Program positions Microsoft to attract top-tier security researchers while ensuring comprehensive protection for millions of developers relying on .NET technologies worldwide.

Security researchers can now expect more substantial compensation for their contributions to ecosystem security, fostering stronger partnerships between Microsoft and the global security research community.

The post Microsoft Expands .NET Bounty Program, Offering Researchers Up to $40,000 in Rewards appeared first on Cyber Security News.
