Skip to main content
MSRC

Community-based Defense

Congratulations and New Swag Awards for the Top MSRC 2022 Q1 Security Researchers!

Thursday, April 21, 2022

Today, we are excited to recognize this quarter’s Microsoft Researcher Recognition Program leaderboard and share new swag awards and improvements to the leaderboard. Congratulations and thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2022 Q1 Security Researcher Leaderboard are: Yuki Chen, William Söderberg, and Terry Zhang @pnig0s!

Read More

Expanding High Impact Scenario Awards for Microsoft Bug Bounty Programs

Thursday, April 14, 2022

We are excited to announce the addition of scenario-based bounty awards to the Dynamics 365 and Power Platform Bounty Program and M365 Bounty Program. Through these new scenario-based bounty awards, we encourage researchers to focus their research on vulnerabilities that have the highest potential impact on customer privacy and security. Awards increase by up to 30% ($26,000 USD total) for eligible scenario submissions.

Read More

On-Premises Servers Products are Here! Introducing the Applications and On-Premises Servers Bug Bounty Program

Tuesday, April 05, 2022

Microsoft is excited to announce the addition of Exchange on-premises, SharePoint on-premises, and Skype for Business on-premises to the Applications and On-Premises Servers Bounty Program. Through this expanded program, we encourage researchers to discover and report high-impact security vulnerabilities to help protect customers. We offer awards up to $26,000 USD for eligible submissions.

Read More

Congratulations to the Top MSRC 2021 Q4 Security Researchers!

Tuesday, February 01, 2022

Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2021 Q4 Security Researcher Leaderboard are: rezer0dai (780 points) , Callum Carney (750 points) , and wtm (615 points) !

Read More

Expanding the Microsoft Researcher Recognition Program

Tuesday, February 01, 2022

The Microsoft Researcher Recognition Program offers public thanks and recognition to security researchers who help protect our customers through discovering and sharing security vulnerabilities under Coordinated Vulnerability Disclosure. Today, we are expanding the program to recognize more security researchers in more ways for their contributions to protecting customers, and we published the first new leaderboard on our program page.

Read More

New High Impact Scenarios and Awards for the Azure Bounty Program

Monday, October 18, 2021

Microsoft is excited to announce new Azure Bounty Program awards up to $60,000 to encourage and reward vulnerability research focused on the highest potential impact to customer security. These increased awards are a part of our ongoing investment in partnership with the security research community, and an important part of Microsoft’s holistic approach to defending against security threats.

Read More

Congratulations to the Top MSRC 2021 Q3 Security Researchers!

Thursday, October 14, 2021

Congratulations to all the researchers recognized in this quarter’s MSRC Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2021 Q3 Security Researcher Leaderboard are: BugHunter010 (840

Read More

Power Platform is Here! Introducing the Dynamics 365 and Power Platform Bug Bounty Program

Wednesday, October 13, 2021

Microsoft is excited to announce the addition of Power Platform to the newly rebranded Dynamics 365 and Power Platform Bounty Program. Through this expanded program, we encourage researchers to discover and report high impact security vulnerabilities they may find in the new Power Platform scope to help protect customers. We offer awards up to $20,000 USD for eligible submissions.

Read More

Announcing the Launch of the Azure SSRF Security Research Challenge

Thursday, August 19, 2021

Microsoft is excited to announce the launch of a new, three-month security research challenge under the Azure Security Lab initiative. The Azure Server-Side Request Forgery (SSRF) Research Challenge invites security researchers to discover and share high impact SSRF vulnerabilities in Microsoft Azure. Qualified submissions are eligible for bounty rewards up to $60,000 USD, with additional awards for identifying innovative or novel attack patterns.

Read More