Automatically translated.View original post

If it's hard to find a bug yourself, let the computer help find and slap a beautiful reward. ðŸšĻ

Microsoft announced an update to the Bug Bounty program for .NET and ASP.NET Core weighing up to $40,000, or about $1.4 million, for anyone who can successfully report a serious vulnerability like Remote Code Execution (RCE) or Privilege Escalation.

.

This round of updates not only increases prize money, but also expands the scope to include various technologies, including all versions of .NET, ASP.NET Core on the .NET Framework, F #, various templates, as well as GitHub Actions that are in .NET's repo and ASP.NET Core.

.

The move is part of the Secure Future Initiative (SFI) plan, launched by Microsoft in late 2023 to reinforce security seriousness. After criticism that the measure is not concise enough, increasing rewards is like signaling global security researchers to help find a vulnerability before it falls into the hands of hackers.

.

The reward money is divided according to the seriousness and quality of the report. The highest level of vulnerability, such as RCE and Privilege Escalation, reported with complete documentation, will receive a full $40,000. The Security Feature Bypass also has a reward of $30,000. And other vulnerabilities, such as DoS or leaked information, also have rewards of thousands to tens of thousands of dollars.

.

Microsoft has also gradually upgraded the Bug Bounty program to other products such as Power Platform, Dynamics 365, and AI Copilot with added motivation bonuses. This .NET update is another golden opportunity for the Security and Dev lines to grab money from their penetration skills. Because money is really in the air, just know where to find it.

.

Source: neowin

# IT # Includes IT matters # Cough to know

2025/8/8 Edited to

... Read moreāđ‚āļ›āļĢāđāļāļĢāļĄ Bug Bounty āđ€āļ›āđ‡āļ™āļāļĨāļĒāļļāļ—āļ˜āđŒāļŠāļģāļ„āļąāļāļ—āļĩāđˆāļšāļĢāļīāļĐāļąāļ—āđ€āļ—āļ„āđ‚āļ™āđ‚āļĨāļĒāļĩāļĢāļ°āļ”āļąāļšāđ‚āļĨāļāđƒāļŠāđ‰āđƒāļ™āļāļēāļĢāđ€āļŠāļĢāļīāļĄāļ„āļ§āļēāļĄāļ›āļĨāļ­āļ”āļ āļąāļĒāļ‚āļ­āļ‡āļ‹āļ­āļŸāļ•āđŒāđāļ§āļĢāđŒāđ‚āļ”āļĒāđ€āļ›āļīāļ”āđ‚āļ­āļāļēāļŠāđƒāļŦāđ‰āļ™āļąāļāļ§āļīāļˆāļąāļĒāļ”āđ‰āļēāļ™āļ„āļ§āļēāļĄāļ›āļĨāļ­āļ”āļ āļąāļĒāļŦāļēāļŠāđˆāļ­āļ‡āđ‚āļŦāļ§āđˆāđāļĨāļ°āļĢāļąāļšāļĢāļēāļ‡āļ§āļąāļĨāļ•āļ­āļšāđāļ—āļ™ Microsoft āđ€āļ­āļ‡āļāđ‡āđ„āļ”āđ‰āļ•āđˆāļ­āļĒāļ­āļ”āđāļ™āļ§āļ—āļēāļ‡āļ™āļĩāđ‰āļ­āļĒāđˆāļēāļ‡āļˆāļĢāļīāļ‡āļˆāļąāļ‡ āđ‚āļ”āļĒāđ€āļ‰āļžāļēāļ°āļāļąāļšāđ€āļ—āļ„āđ‚āļ™āđ‚āļĨāļĒāļĩ .NET āđāļĨāļ° ASP.NET Core āļ‹āļķāđˆāļ‡āđ€āļ›āđ‡āļ™āļŦāļ™āļķāđˆāļ‡āđƒāļ™āđ€āļŸāļĢāļĄāđ€āļ§āļīāļĢāđŒāļāļŦāļĨāļąāļāļ—āļĩāđˆāļ­āļ‡āļ„āđŒāļāļĢāļ—āļąāđˆāļ§āđ‚āļĨāļāđƒāļŠāđ‰āļžāļąāļ’āļ™āļēāđāļ­āļ›āļžāļĨāļīāđ€āļ„āļŠāļąāļ™āļ•āđˆāļēāļ‡ āđ† āļāļēāļĢāļ­āļąāļ›āđ€āļ”āļ•āđ‚āļ›āļĢāđāļāļĢāļĄ Bug Bounty āļ„āļĢāļąāđ‰āļ‡āļ™āļĩāđ‰āđ„āļĄāđˆāđ€āļžāļĩāļĒāļ‡āđāļ•āđˆāđ€āļžāļīāđˆāļĄāļˆāļģāļ™āļ§āļ™āđ€āļ‡āļīāļ™āļĢāļēāļ‡āļ§āļąāļĨāļŠāļđāļ‡āļŠāļļāļ”āļ–āļķāļ‡ 40,000 āļ”āļ­āļĨāļĨāļēāļĢāđŒāļŠāļģāļŦāļĢāļąāļšāļŠāđˆāļ­āļ‡āđ‚āļŦāļ§āđˆāļ—āļĩāđˆāļĄāļĩāļ„āļ§āļēāļĄāļĢāđ‰āļēāļĒāđāļĢāļ‡āļŠāļđāļ‡āļŠāļļāļ”āļ­āļĒāđˆāļēāļ‡ Remote Code Execution (RCE) āđāļĨāļ° Privilege Escalation āđāļ•āđˆāļĒāļąāļ‡āļ‚āļĒāļēāļĒāļ‚āļ­āļšāđ€āļ‚āļ•āļ„āļ§āļēāļĄāļ„āļļāđ‰āļĄāļ„āļĢāļ­āļ‡āļ„āļĢāļ­āļšāļ„āļĨāļļāļĄāļ—āļļāļāđ€āļ§āļ­āļĢāđŒāļŠāļąāļ™āļ‚āļ­āļ‡ .NET, ASP.NET Core āļšāļ™ .NET Framework āļĢāļ§āļĄāļ–āļķāļ‡āļ āļēāļĐāļē F# āđāļĨāļ°āđ€āļ—āļĄāđ€āļžāļĨāļ•āļ•āđˆāļēāļ‡ āđ† āļĢāļ§āļĄāļ–āļķāļ‡ GitHub Actions āļ—āļĩāđˆāđ€āļāļĩāđˆāļĒāļ§āļ‚āđ‰āļ­āļ‡āļāļąāļšāđ‚āļ„āļĢāļ‡āļāļēāļĢāđ€āļŦāļĨāđˆāļēāļ™āļĩāđ‰āļ­āļĩāļāļ”āđ‰āļ§āļĒ āļ„āļ§āļēāļĄāđ€āļ„āļĨāļ·āđˆāļ­āļ™āđ„āļŦāļ§āļ™āļĩāđ‰āđ€āļ›āđ‡āļ™āļŠāđˆāļ§āļ™āļŦāļ™āļķāđˆāļ‡āļ‚āļ­āļ‡āđāļœāļ™ Secure Future Initiative (SFI) āļ—āļĩāđˆ Microsoft āđ€āļ›āļīāļ”āļ•āļąāļ§āđ€āļĄāļ·āđˆāļ­āļ›āļĨāļēāļĒāļ›āļĩ 2023 āđ€āļžāļ·āđˆāļ­āđ€āļŠāļĢāļīāļĄāļ„āļ§āļēāļĄāđāļ‚āđ‡āļ‡āđāļāļĢāđˆāļ‡āļ”āđ‰āļēāļ™āļ„āļ§āļēāļĄāļ›āļĨāļ­āļ”āļ āļąāļĒ āļ—āļģāđƒāļŦāđ‰āđ‚āļ›āļĢāđāļāļĢāļĄ Bug Bounty āļĄāļĩāļšāļ—āļšāļēāļ—āļŠāļģāļ„āļąāļāđƒāļ™āļāļēāļĢāļ”āļķāļ‡āļ”āļđāļ”āļ™āļąāļāļ§āļīāļˆāļąāļĒāļˆāļēāļāļ—āļąāđˆāļ§āđ‚āļĨāļāļĄāļēāļĢāđˆāļ§āļĄāļ„āđ‰āļ™āļŦāļēāļŠāđˆāļ­āļ‡āđ‚āļŦāļ§āđˆāļāđˆāļ­āļ™āļ—āļĩāđˆāļˆāļ°āļ–āļđāļāđāļŪāđ‡āļāđ€āļāļ­āļĢāđŒāļ™āļģāđ„āļ›āđƒāļŠāđ‰āđ‚āļˆāļĄāļ•āļĩāļˆāļĢāļīāļ‡ āļ™āļ­āļāļˆāļēāļāļĢāļēāļ‡āļ§āļąāļĨāļŠāļģāļŦāļĢāļąāļšāļŠāđˆāļ­āļ‡āđ‚āļŦāļ§āđˆāļĢāļ°āļ”āļąāļšāļŠāļđāļ‡āļ­āļĒāđˆāļēāļ‡ RCE āđāļĨāđ‰āļ§ Microsoft āļĒāļąāļ‡āļĄāļĩāđ€āļ‡āļīāļ™āļĢāļēāļ‡āļ§āļąāļĨāļŠāļģāļŦāļĢāļąāļšāļāļēāļĢāļĢāļēāļĒāļ‡āļēāļ™āļŠāđˆāļ­āļ‡āđ‚āļŦāļ§āđˆāļ›āļĢāļ°āđ€āļ āļ— Security Feature Bypass āļŠāļđāļ‡āļ–āļķāļ‡ 30,000 āļ”āļ­āļĨāļĨāļēāļĢāđŒ āđāļĨāļ°āļŠāđˆāļ­āļ‡āđ‚āļŦāļ§āđˆāļ­āļ·āđˆāļ™ āđ† āđ€āļŠāđˆāļ™ Denial of Service (DoS) āļŦāļĢāļ·āļ­āļ‚āđ‰āļ­āļĄāļđāļĨāļĢāļąāđˆāļ§āđ„āļŦāļĨ āļ—āļĩāđˆāļĄāļĩāļĢāļēāļ‡āļ§āļąāļĨāļ•āļąāđ‰āļ‡āđāļ•āđˆāļŦāļĨāļąāļāļžāļąāļ™āļ–āļķāļ‡āļŦāļĨāļąāļāļŦāļĄāļ·āđˆāļ™āļ”āļ­āļĨāļĨāļēāļĢāđŒāļ­āļĩāļāļ”āđ‰āļ§āļĒ āļ™āļ­āļāļˆāļēāļāļ™āļĩāđ‰ Microsoft āļĒāļąāļ‡āļ‚āļĒāļēāļĒāđ‚āļ›āļĢāđāļāļĢāļĄ Bug Bounty āđ„āļ›āļĒāļąāļ‡āļœāļĨāļīāļ•āļ āļąāļ“āļ‘āđŒāļ­āļ·āđˆāļ™ āđ† āđ€āļŠāđˆāļ™ Power Platform, Dynamics 365 āđāļĨāļ° AI Copilot āļžāļĢāđ‰āļ­āļĄāļ—āļąāđ‰āļ‡āđ€āļžāļīāđˆāļĄāđ‚āļšāļ™āļąāļŠāđ€āļžāļ·āđˆāļ­āļŠāļĢāđ‰āļēāļ‡āđāļĢāļ‡āļˆāļđāļ‡āđƒāļˆāđāļāđˆāļŠāļļāļĄāļŠāļ™āļ™āļąāļāļžāļąāļ’āļ™āļēāđāļĨāļ°āļ™āļąāļāļ§āļīāļˆāļąāļĒāļ”āđ‰āļēāļ™āļ„āļ§āļēāļĄāļ›āļĨāļ­āļ”āļ āļąāļĒāļ—āļąāđˆāļ§āđ‚āļĨāļ āļŠāļģāļŦāļĢāļąāļšāļ—āļąāđ‰āļ‡āļ™āļąāļāļžāļąāļ’āļ™āļēāđāļĨāļ°āļœāļđāđ‰āļ—āļĩāđˆāļŠāļ™āđƒāļˆāļ”āđ‰āļēāļ™āļāļēāļĢāđ€āļˆāļēāļ°āļĢāļ°āļšāļš (penetration testing) āļ™āļĩāđˆāļ„āļ·āļ­āđ‚āļ­āļāļēāļŠāļ—āļ­āļ‡āļ—āļĩāđˆāļˆāļ°āđ„āļ”āđ‰āļĢāļąāļšāđ€āļ‡āļīāļ™āļĢāļēāļ‡āļ§āļąāļĨāļˆāļēāļāļāļēāļĢāđƒāļŠāđ‰āļ—āļąāļāļĐāļ°āļ„āđ‰āļ™āļŦāļēāļŠāđˆāļ­āļ‡āđ‚āļŦāļ§āđˆāđƒāļ™āļĢāļ°āļšāļšāđ€āļ—āļ„āđ‚āļ™āđ‚āļĨāļĒāļĩāļĢāļ°āļ”āļąāļšāđ‚āļĨāļ āđ€āļžāļĢāļēāļ°āđ€āļ‡āļīāļ™āļĢāļēāļ‡āļ§āļąāļĨāļžāļĢāđ‰āļ­āļĄāļĄāļ­āļšāđƒāļŦāđ‰āļˆāļĢāļīāļ‡ āđ† āđ€āļžāļĩāļĒāļ‡āđāļ•āđˆāļ•āđ‰āļ­āļ‡āļĢāļđāđ‰āļ§āđˆāļēāļˆāļ°āđ€āļĢāļīāđˆāļĄāļ•āđ‰āļ™āļŦāļēāļŠāđˆāļ­āļ‡āđ‚āļŦāļ§āđˆāļˆāļēāļāļ•āļĢāļ‡āđ„āļŦāļ™ āļŠāļĢāļļāļ›āđāļĨāđ‰āļ§ āļāļēāļĢāđ€āļžāļīāđˆāļĄāđ€āļ‡āļīāļ™āļĢāļēāļ‡āļ§āļąāļĨāđāļĨāļ°āļ‚āļĒāļēāļĒāļ‚āļ­āļšāđ€āļ‚āļ•āđ‚āļ›āļĢāđāļāļĢāļĄ Bug Bounty āļ„āļĢāļąāđ‰āļ‡āļ™āļĩāđ‰āļ–āļ·āļ­āđ€āļ›āđ‡āļ™āļŠāļąāļāļāļēāļ“āļŠāļģāļ„āļąāļāļ‚āļ­āļ‡ Microsoft āļ—āļĩāđˆāđāļŠāļ”āļ‡āļ–āļķāļ‡āļ„āļ§āļēāļĄāļĄāļļāđˆāļ‡āļĄāļąāđˆāļ™āđƒāļ™āļāļēāļĢāđ€āļŠāļĢāļīāļĄāļŠāļĢāđ‰āļēāļ‡āļ„āļ§āļēāļĄāļĄāļąāđˆāļ™āļ„āļ‡āļ›āļĨāļ­āļ”āļ āļąāļĒāđƒāļŦāđ‰āļāļąāļšāđ€āļ—āļ„āđ‚āļ™āđ‚āļĨāļĒāļĩāđƒāļ™āļĒāļļāļ„āļ”āļīāļˆāļīāļ—āļąāļĨ āđ€āļžāļ·āđˆāļ­āļ›āļāļ›āđ‰āļ­āļ‡āļ‚āđ‰āļ­āļĄāļđāļĨāļ‚āļ­āļ‡āļœāļđāđ‰āđƒāļŠāđ‰āđāļĨāļ°āļ­āļ‡āļ„āđŒāļāļĢāļˆāļēāļāļ āļąāļĒāļ„āļļāļāļ„āļēāļĄāđ„āļ‹āđ€āļšāļ­āļĢāđŒāļ—āļĩāđˆāļĄāļĩāļ„āļ§āļēāļĄāļ‹āļąāļšāļ‹āđ‰āļ­āļ™āļŠāļđāļ‡āļ‚āļķāđ‰āļ™āļ­āļĒāđˆāļēāļ‡āļ•āđˆāļ­āđ€āļ™āļ·āđˆāļ­āļ‡