Open Source Bounty Program (original) (raw)

PROGRAM DESCRIPTION

The Microsoft Open-Source Bounty Program invites researchers to identify vulnerabilities in eligible Microsoft owned open-source repositories and share them with our team. Qualified submissions are eligible for bounty awards from $750 to $15,000 USD. This includes third-party and open-source components included in the service. Please note that qualifying reports must demonstrate a qualifying security impact on the specified service.

ELIGIBLE SUBMISSIONS

The goal of the Microsoft Bug Bounty program is to uncover significant technical vulnerabilities that have a direct and demonstrable impact on the security of our customers.

In addition to the eligibility requirements listed on the Bounty Program Guidelines page, vulnerability submissions must meet the following criteria to be eligible for bounty awards:

• The vulnerability must be present in an open-source library by default or manifest in a first party Microsoft service that was not previously reported to, or otherwise known by, Microsoft.
• The vulnerability must be Critical or Important severity and reproducible on the most recent actively maintained branch.

We request researchers include the following information to help us quickly assess their submission:

• Submit through the MSRC Researcher Portal

Microsoft may accept or reject any submission at our sole discretion that we determine does not meet the above criteria.

SCOPE

• Azure SDKs, limited to the following:
  • azure/azure-sdk
  • azure/azure-sdk-for-net
  • azure/azure-sdk-for-python
  • azure/azure-sdk-for-js
  • azure/azure-sdk-for-java
  • azure/azure-sdk-for-go
  • azure/azure-sdk-for-rust
  • azure/azure-sdk-tools
• FluentUI
• PowerShell
• TypeScript
• Visual Studio Code
• Microsoft Agent Framework
  • microsoft/semantic-kernel and microsoft/autogen are separate projects and are not included in this bounty program.
• Monaco-editor
• Msquic

Example attack scenarios

• Vulnerabilities leading to the ability to push code to a Microsoft-owned open-source project
• Vulnerabilities leading to a supply chain compromise
• Any vulnerabilities that can lead to deserialization, remote code execution, cross site scripting, or elevation of privilege

GETTING STARTED

Please create a test account for security testing and probing. Please follow the Research Rules of Engagement to avoid harm to customer data, privacy, and service availability.

BOUNTY AWARDS

Bounty awards range from 750upto750 up to 750upto15,000 USD. Higher awards are possible, at Microsoft’s sole discretion, based on the severity and impact of the vulnerability and the quality of the submission. If a single submission is eligible for multiple awards, the submission will be awarded the single highest qualifying award.

Researchers who provide submissions that do not qualify for bounty awards may still be eligible for public acknowledgement if their submission leads to a vulnerability fix.

OUT-OF-SCOPE SUBMISSIONS AND VULNERABILITIES

Microsoft is happy to receive and review every submission on a case-by-case basis, but some submission and vulnerability types may not qualify for bounty award under this program.

If your submission is evaluated as out-of-scope for this individual bounty program, it may still qualify for an award under theStandard Award Policy.

Here are some of the common low-severity or out-of-scope issues that typically do not earn bounty awards:

• Publicly disclosed vulnerabilities which have already been reported to Microsoft or are already known to the wider security community
• Vulnerabilities that are addressed via documentation updates, without change to product code or function
• Security misconfiguration of a service by a user, such as the enabling of HTTP access on a storage account to allow for man-in-the-middle (MiTM) attacks
• Vulnerabilities based on user configuration or action, for example:
  • Vulnerabilities requiring extensive or unlikely user actions
  • Vulnerabilities in user-created content or applications
• Vulnerabilities that are limited to the local machine, excluding Visual Studio Code, Microsoft Agent Framework, TypeScript, and Monaco Editor
• Leaked non-live or test tokens and credentials without any impact on Microsoft services
• Vulnerabilities that rely on non-default Visual Studio Code extensions
• Vulnerabilities found in listed in scope libraries that are in:
  • Hackathon repositories
  • Samples, tutorials, or quickstart code (including files under samples/ directories)
  • Demo code or prototype / experimental / local-testing-only components (e.g., DevUI)
  • Dependency confusion issues
• Demo code
• Dependency confusion issues
• Server-side information disclosure, such as IPs, server names, and most stack traces
• Low impact CSRF bugs (such as logoff)
• Vulnerabilities based on third parties that do not demonstrate a qualifying security impact on the specified service
• Training, documentation, samples, and community forum sites related to Microsoft Open Source products and services are out-of-scope for bounty awards
• For Microsoft Agent Framework, pickle deserialization reports where the attack scenario requires the attacker to already have write access to the checkpoint storage backend (e.g., Azure Blob Storage, Cosmos DB, local file system). The framework’s checkpoint storage is a trusted data channel in the deployment architecture. Compromising storage to inject malicious payloads represents a deployment security boundary failure, not a a vulnerability within Microsoft Agent Framework.

Microsoft reserves the right to reject any submission that we determine, at our sole discretion, falls into any of these categories of vulnerabilities even if otherwise eligible for a bounty.

ADDITIONAL INFORMATION

For additional information, please see our FAQ.

REVISION HISTORY

• December 11, 2025: Program launched
• March 31, 2026: Clarified libraries for out of scope to local machine
• April 7, 2026: Updated Getting Started section.
• June 8, 2026: Clarified Microsoft Agent Framework in the Scope section. Added to Out-of-Scope Section to include vulnerabilities found in: samples, tutorials, or quickstart code (including files under samples/ directories, demo code or prototype / experimental / local-testing-only components (e.g., DevUI), and dependency confusion issues. Added Microsoft Agent Framework pickle deserialization reports to Out of Scope Section.