Microsoft Bounty Programs Expansion – .NET Core and ASP.NET Beta Bounty

Today, I have another exciting expansion of the Microsoft Bounty Programs to announce. Please visit to find out more. I’ll be discussing this new bounty in my talk at SyScan360 on October 21, 2015. We are delighted to offer a bounty for the .NET Core and ASP.NET Beta which Microsoft released earlier this month. .NET and… Read more

Microsoft Bounty Programs Expansion – Bounty for Defense, Authentication Bonus, and RemoteApp

I am very pleased to be releasing additional expansions of the Microsoft Bounty Programs. Please stop by the Microsoft Networking Lounge at Black Hat, August 5-6, to learn more about these programs; or, visit We are raising the Bounty for Defense maximum from $50,000 USD to $100,000 USD. I am also very excited to… Read more

An update on the bounty programs

Back in June of this year, we announced three new bounty programs that will pay researchers for techniques that bypass built-in OS mitigations and protections, for defenses that stop those bypasses and for vulnerabilities in Internet Explorer 11 Preview. This past Friday, we provided some additional details about the results of the IE11 Preview bounty… Read more

Announcing the Microsoft Bounty Programs

Over the years, we’ve put a lot of work into helping secure the computing ecosystem and limiting the number of issues in our products. The security researcher community is critical to these efforts, as they help us find vulnerabilities in our software that we may have missed.  Now we’re taking it even further. We’re launching… Read more