Skip to main content
MSRC

Updated Researcher Portal Submission Form: Discover the New Fields in the Submission Form

Summary: We are excited to announce the release of the updated Researcher Portal submission form. These new fields allow Security Researchers to provide additional context for the reported security issue, providing product teams with more data for analysis, gain insights and identify trends across multiple reported security vulnerabilities. The additional fields are not mandatory fields to submit a report.

The new fields in the submission form will allow the Researcher to include: the ability to report multiple products, CVSS Score, CWE Number, whether the vulnerability is an active exploit, public issue, a missed fixed or missed variant, and a new text field for repro steps. Researchers can use this feature to submit more detailed vulnerability reports providing valuable information that can assist MSRC case managers and security engineers in the assessment of the reported security vulnerability.  

Soft launching will occur between July and December 2023, Researchers are encouraged to opt-in to the new user interface by enabling the feature using the following steps.

  1. Sign into your Researcher Portal Account at MSRC Researcher Portal (microsoft.com)

Researcher Portal Homepage

  1. Click on the “Report Vulnerability” page (circle with plus sign icon)

Researcher Portal page pointing to “Report Vulnerability” button

  1. Click on the “gear icon” on the upper right corner and click on preview  

Researcher Portal page pointing to “gear icon” button

  1. Toggle the slider (Structured Reports) to the right to enable and view the additional fields on the submission form

Researcher Portal page showing sidebar modal instructing to toggle the slider (Structured Reports) to the right

We highly value your input and would appreciate your feedback on the new fields and their functionality in the submission form. After December 2023, this updated submission form will be the default format for submitting a security vulnerability. Please submit a survey response after you submit your vulnerability report or email us at msrcengpm@microsoft.com if you have any questions.  

If you have additional questions, please visit our Frequently Asked Questions (FAQ) page or blog post about What to Expect When Reporting Vulnerabilities to Microsoft.


Related Posts