My Experience Reporting Web Bugs to Microsoft (MSRC) for the First Time - Bug Bounty or No Bounty

Its been more than 8 years since I played around with Web Bugs. Seems threat landscape and things has changed significantly. However recently i reported few "low hanging" web related problems to MSFT. Most of the issues were mostly configuration issues, and all of the issues are fixed now however no bounty paid. What i came to know, unlike Facebook VRP, MSRC doesn't pay researcher even if they make any changes as result of your report. 

Link to Official Acknowledgements - 


  1. I just couldn’t go away your web site before suggesting that I actually enjoyed the usual information an individual supply to your guests? Is going to be again continuously to check out new posts.
    Thanks For This Great And Very Good Post share with us. I really appriciate you


Post a Comment