We’re sorry. The content you requested has been removed. You’ll be auto redirected in 1 second.
Microsoft Bounty Programs
Calling all Microsoft friends, hackers, and researchers! Do you want to help us protect customers, making some of our most popular products better… and earn money doing so? Step right up!
Microsoft offers direct payments in exchange for reporting certain types of vulnerabilities and exploitation techniques.
Microsoft has championed many initiatives to advance security and to help protect our customers, including the
Security Development Lifecycle (SDL) process and
Coordinated Vulnerability Disclosure (CVD). We formed industry collaboration programs such as the
Microsoft Active Protections Program (MAPP) and
Microsoft Vulnerability Research (MSVR),and created the BlueHat Prize to encourage research into defensive technologies. Since June 2013, we’ve also offered bounties for certain classes of vulnerabilities reported to us. These bounty programs help Microsoft harness the collective intelligence and capabilities of security researchers to help protect customers. As you’ll see from the list below, several time-limited programs apply only to preview versions, so we can address the vulnerabilities before the final version is complete.
Take a look at the active programs below and review the program details at each link. If you have a vulnerability that might be a match for one of our bounty programs, please contact us at
firstname.lastname@example.org with details.
This successor to the previous CoreCLR and ASP.NET 5 beta bounty program applies to .NET Core, ASP.NET Core RC2 and any subsequent Release Candidates during the bounty period, or the final RTM version if released within the bounty period. TIME LIMITED.