Report a bug, hit the jackpot: Microsoft wants to secure its tools, with up to $40,000 on offer

Illustration: a security analyst inspects code. Microsoft offers bounties of up to $40,000 (≈ €36,500) for critical vulnerabilities reported in its products, a program open to French participants.

© Gorodenkoff

Microsoft is beefing up its bug bounty program dedicated to .NET. In a post published on July 31, 2025, the company formalized a complete overhaul of its reward system, which now covers the technologies surrounding .NET: ASP.NET Core, F#, official projects and even certain related GitHub Actions. The goal is clear: motivate security specialists to dig deep into its open source ecosystem.

Microsoft offers up to $40,000 for .NET flaws: a boon for researchers

The scale has been revised upwards, with a maximum reward of $40,000 (around €36,500) for any remote code execution or elevation of privilege accompanied by a “complete” report, that is to say one that is documented, reproducible and accompanied by a proof of concept (a script, a code excerpt, a request or even a video that shows step by step how the vulnerability can be exploited).

For less complete reports, the amounts are halved. Even a simple, well-presented denial of service can now bring in $20,000.

Table of bounties paid by Microsoft for .NET flaws according to their severity and the quality of the report submitted (August 2025)

Microsoft details here the amounts awarded to security researchers for each type of .NET vulnerability, according to two criteria: the impact (critical or important) and the quality of the report. A complete report on a remote code execution can thus bring in up to $40,000.

© Microsoft

And yes, this applies to French participants too. Microsoft does not restrict participation by nationality. Whether you are a student, self-employed, an employee in tech or an experienced researcher, you can submit your discovery via the official MSRC portal, provided that the vulnerability targets a supported version.

This shift is not altruistic, and Microsoft does not hide it: by raising its bounties, the company hopes above all that independent researchers will detect flaws before they are exploited. It is better to pay for a good report than to manage an incident in production.
