Skip to main content
MSRC

Bounty

Congratulations to the MSRC 2024 Most Valuable Security Researchers!

Tuesday, August 06, 2024

The Microsoft Researcher Recognition Program offers public thanks and recognition to security researchers who help protect our customers through discovering and sharing security vulnerabilities under Coordinated Vulnerability Disclosure. Today, we are excited to recognize this year’s 100 Most Valuable Researchers (MVRs), based on the total number of points earned for each valid report.

Microsoft Bounty Program Year in Review: $16.6M in Rewards 

Monday, August 05, 2024

We are excited to announce that this year the Microsoft Bounty Program has awarded $16.6M in bounty awards to 343 security researchers from 55 countries, securing Microsoft customers in partnership with the Microsoft Security Response Center (MSRC). Each year we identify over a thousand potential security issues together, safeguarding our customers from possible threats through the Microsoft Bounty Program.

Congratulations to the Top MSRC 2024 Q2 Security Researchers!

Wednesday, July 24, 2024

Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2024 Q2 Security Researcher Leaderboard are Yuki Chen, Lewis Lee & Ver & Zhiniang Peng, and Wei!

Microsoft boosts its Microsoft 365 Insider Builds on Windows Bounty Program with higher awards and an expanded scope

Tuesday, February 27, 2024

Starting today, we are doubling the maximum bounty award for the Microsoft 365 Insider Bug Bounty Program to $30,000 USD for high impact scenarios, such as unauthenticated non-sandboxed code execution with no user interaction. We are also expanding the scope of our bounty program to include more vulnerability types and products.

Introducing the Microsoft Defender Bounty Program

Tuesday, November 21, 2023

We are excited to announce the new Microsoft Defender Bounty Program with awards of up to $20,000 USD. The Microsoft Defender brand encompasses a variety of products and services designed to enhance the security of the Microsoft customer experience. The Microsoft Defender Bounty Program invites researchers across the globe to identify vulnerabilities in Defender products and services and share them with our team.

Microsoft Bug Bounty Program Year in Review: $13.8M in Rewards

Monday, August 07, 2023

We are thrilled to share the results of our collaboration with over 345 security researchers from +45 countries around the world in the past 12 months. Together, we have discovered and fixed more than a thousand potential security issues before they impacted our customers. In recognition of this valuable collaboration, we have awarded $13.

Microsoft Bug Bounty Programs Year in Review: $13.7M in Rewards

Thursday, August 11, 2022

The Microsoft Bug Bounty Programs and partnerships with the global security research community are important parts of Microsoft’s holistic approach to defending customers against security threats. Our bounty programs incentivize security research in high-impact areas to stay ahead of the ever-changing security landscapes, emerging technology, and new threats. Security Researchers help us secure millions of customers by discovering and reporting vulnerabilities to Microsoft through Coordinated Vulnerability Disclosure.

Expanding High Impact Scenario Awards for Microsoft Bug Bounty Programs

Thursday, April 14, 2022

We are excited to announce the addition of scenario-based bounty awards to the Dynamics 365 and Power Platform Bounty Program and M365 Bounty Program. Through these new scenario-based bounty awards, we encourage researchers to focus their research on vulnerabilities that have the highest potential impact on customer privacy and security. Awards increase by up to 30% ($26,000 USD total) for eligible scenario submissions.