Microsoft Bounty Programs
Call out to all Microsoft friends, hackers, researchers! Want to help us protect customers, making some of our most popular products better? And earn money doing so? Step right up
Microsoft is now offering direct payments in exchange for reporting certain types of vulnerabilities and exploitation techniques.
Microsoft has championed many initiatives to advance security and to help protect our customers, including the
Security Development Lifecycle (SDL) process to build more secure technologies and
Coordinated Vulnerability Disclosure (CVD). We formed industry collaboration programs such as the
Microsoft Active Protections Program (MAPP) and
Microsoft Vulnerability Research (MSVR),and created the BlueHat Prize to encourage research into defensive technologies. Our new bounty programs add expanded depth and flexibility to our existing community outreach programs. Having these bounty programs provides a way to harness the collective intelligence and capabilities of security researchers to help further protect customers.
On 22nd April 2015, Microsoft announced an extension to the Online Services Bug Bounty program to include various Microsoft Azure properties. We also announced a new Microsoft Edge Preview Bug Bounty program.
On 20th October 2015, we added .NET core runtime and the public technical preview of ASP.NET.
Microsoft Security Response Center
About the Program