Microsoft has expanded the promotion program for finding vulnerabilities in .NET and increased the maximum payment to $ 40,000.
Now critical bugs that allow remote code execution or raising privileges will be assessed above than before.
The vulnerability associated with the bypass of security mechanisms will be brought to $ 30,000, and up to $ 20,000 for critical attacks such as refusal to service.
The program now covers all supported versions of .NET and ASP.net, including Blazor, Aspire, F#, as well as templates and Github Actions, included in official repositories.
According to Microsoft manager Madelin Eckert, updates are designed to better reflect the difficulty of searching for bugs and stimulate researchers.
The company also strengthened attention to safety in other areas: at the beginning of the year, it increased payments for vulnerability in Power Platform, Dynamics 365 and Copilot. Last year, Microsoft held the Zero Day Quest contest with a prize pool of $ 4 million.
