Many companies offer bug bounty programs because they encourage people to look for and discover security vulnerabilities in software, and report them privately to the vendor so that a fix can be implemented and applied before a malicious actor exploits them. Security researchers and other members of the public are financially incentivized to do this because they are awarded monetary rewards. Now, Microsoft has announced major updates to its .NET Bounty Program.
Rewards now start from $7,000 and go up to a mouth-watering $40,000. Keep in mind that the highest tier reward is only applicable to the private disclosure of a remote code execution (RCE) or Elevation of Privilege (EoP) vulnerability with complete documentation and a critical impact.
The breakdown for the various reward tiers is as follows:
| Security Impact | Report Quality | Critical | Important |
|---|---|---|---|
| Remote Code Execution | Complete | $40,000 | $30,000 |
| Remote Code Execution | Not Complete | $20,000 | $20,000 |
| Elevation of Privilege | Complete | $40,000 | $10,000 |
| Elevation of Privilege | Not Complete | $20,000 | $4,000 |
| Security Feature Bypass | Complete | $30,000 | $10,000 |
| Security Feature Bypass | Not Complete | $20,000 | $4,000 |
| Remote Denial of Service | Complete | $20,000 | $10,000 |
| Remote Denial of Service | Not Complete | $15,000 | $4,000 |
| Spoofing or Tampering | Complete | $10,000 | $5,000 |
| Spoofing or Tampering | Not Complete | $7,000 | $3,000 |
| Information Disclosure | Complete | $10,000 | $5,000 |
| Information Disclosure | Not Complete | $7,000 | $3,000 |
| Documentation or samples included in documentation are insecure or encourage insecurity and are not described as samples which do not take security into consideration | Complete | $10,000 | $5,000 |
| Documentation or samples included in documentation are insecure or encourage insecurity and are not described as samples which do not take security into consideration | Not Complete | $7,000 | $3,000 |
It is important to note that the .NET Bounty Program primarily revolves around .NET and ASP.NET Core, including Blazor and Aspire. However, new product categories now cover all supported versions of .NET and ASP.NET, ASP.NET Core for .NET Framework, the templates provided with the aforementioned, GitHub Actions in their repositories, and adjacent technologies like F#.
The updated rewards structure ensures that severity levels are clearly defined so that high-impact issues generate higher rewards, along with guidelines around when a report can be considered "complete". You can find more information in Microsoft's dedicated blog post.