Microsoft Boosts .NET Bug Bounty Program: Rewards Up to $45,000

Microsoft has expanded its .NET bug bounty program, increasing the top reward to $40,000 for critical vulnerabilities in .NET and ASP.NET Core. The program now encompasses a wider range of technologies and offers tiered rewards based on the severity of the vulnerability, incentivizing researchers to focus on the most damaging flaws, like Remote Code Execution (RCE) and Elevation of Privilege (EoP). This move reflects Microsoft’s commitment to proactive security and leveraging external talent to identify weaknesses.

CNBC AI News – Redmond is upping the ante in the cybersecurity game. Microsoft announced an expansion to its .NET bug bounty program, significantly boosting reward payouts in a bid to attract more white-hat hackers to unearth vulnerabilities.

According to the latest announcement, the top payout for critical vulnerabilities in .NET and ASP.NET Core has surged to a cool $40,000. That’s real money to security researchers willing to put in the work.

“We’re excited to announce updates to the Microsoft .NET Bug Bounty Program,” said Madeline Eckert, Senior Program Manager for Microsoft Security Response Center. “These changes broaden the scope, simplify the rewards structure, and provide richer incentives for security researchers.” The move underscores Microsoft’s commitment to proactive security, recognizing that external talent can be a powerful asset in identifying potential weak spots before they’re exploited by malicious actors.

The program now encompasses a wider range of technologies, including all supported versions of .NET and ASP.NET, related technologies like F#, supported versions of ASP.NET Core for .NET Framework, templates provided by .NET and ASP.NET Core, and GitHub Actions within the .NET and ASP.NET Core repositories. This broader scope offers researchers more opportunities to find – and profit from – their discoveries.

Specifically, Microsoft is offering the $40,000 reward for critical Remote Code Execution (RCE) and Elevation of Privilege (EoP) vulnerabilities impacting .NET and ASP.NET Core. Critical Security Feature Bypass vulnerabilities are worth $30,000, while critical Remote Denial of Service (DoS) flaws will fetch $20,000. The tiered reward structure reflects the severity of the potential impact, incentivizing researchers to focus on the most damaging vulnerabilities.

This isn’t the first bounty boost from Microsoft this year. Earlier, the company ratcheted up rewards for AI vulnerabilities within its Power Platform and Dynamics 365 services and products to $30,000. In February, they also announced a raise for medium-severity security vulnerabilities in Copilot, along with a 100% bonus multiplier across all Copilot vulnerability bounties, signaling a serious commitment to AI security.

Big bounty! Microsoft updates its .NET bounty program: up to 288,000 yuan for a single vulnerability

Original article, Author: Tobias. If you wish to reprint this article, please indicate the source: https://aicnbc.com/6165.html
