#.NET

Microsoft has expanded its .NET bug bounty program, increasing the top reward to $40,000 for critical vulnerabilities in .NET and ASP.NET Core. The program now encompasses a wider range of technologies and offers tiered rewards based on the severity of the vulnerability, incentivizing researchers to focus on the most damaging flaws, like Remote Code Execution (RCE) and Elevation of Privilege (EoP). This move reflects Microsoft’s commitment to proactive security and leveraging external talent to identify weaknesses.