Microsoft has expanded its .NET bug bounty program and increased rewards to $40,000 for some .NET and ASP.NET Core vulnerabilities.
Madeline Eckert, a senior program supervisor for Researcher Incentives and Bounty at Microsoft, said that these changes aim to more accurately reflect the complexity involved in discovering and exploiting .NET vulnerabilities.
“We’re excited to announce important updates to the Microsoft .NET Bounty Program. These changes expand the program’s scope, simplify the award structure, and offer great incentives for security researchers,” said Eckert.
“The .NET Bounty Program now offers awards up to $40,000 USD for vulnerabilities impacting the .NET and ASP.NET Core (including Blazor and Aspire).”
Beginning immediately, Microsoft pays up to $40,000 for critical remote code execution and privilege escalation security flaws, as well as $30,000 for critical security feature bypasses, and up to $20,000 for critical remote denial-of-service bugs.
The .NET bug bounty program has also expanded to better cover .NET framework vulnerabilities, and it now includes:
All supported versions of .NET and ASP.NET,
Adjacent technologies such as F#,
Supported versions of ASP.NET Core for .NET Framework,
Templates provided with supported versions of .NET and ASP.NET Core,
GitHub Actions in the .NET and ASP.NET Core repositories.
Earlier this year, Microsoft raised bounty awards to $30,000 for AI vulnerabilities found in Power Platform and Dynamics 365 services and products.
In February, it announced increased payouts for moderate-severity Microsoft Copilot (AI) security flaws and a 100% award multiplier for all Copilot bounty awards to incentivize AI research.
During last year’s Ignite annual conference, Microsoft also launched the Zero Day Quest, a hacking event focusing on cloud and AI products and platforms, and offering $4 million in rewards.
These efforts are part of the company’s Secure Future Initiative (SFI), a company-wide cybersecurity engineering plan launched in November 2023, following a scathing report issued by the Department of Homeland Security’s Cyber Safety Review Board, which said that Microsoft’s “security culture was inadequate and requires an overhaul.”