We value your research.
Explore multiple researcher recognition opportunities with MSRC
The Microsoft Researcher Recognition Program offers public thanks and recognition to security researchers who help protect our customers through discovering and sharing security vulnerabilities under Coordinated Vulnerability Disclosure.
Bounty leaderboards
Bounty Leaderboards recognize researchers based on total bounty awards earned during the recognition period, using the bounty award in scope decision timestamp.
Visit the MSRC Leaderboard site to view current leaderboards. Leaderboards published before July 2026 used the previous points-based model.
| Leaderboard type | What it is | When published | Who is recognized |
|---|---|---|---|
| Biannual leaderboard | Recognizes researchers who earn qualifying bounty awards during the applicable six-month period (July 1-December 31). Includes Technical Leaderboards highlighting top researchers within eligible bounty programs. | January | Researchers who earn qualifying bounty awards during the biannual period. |
| Annual MVR leaderboard | Recognizes the Top 100 ranked researchers across all bounty programs based on total qualifying bounty award amounts during the annual program period (July 1-June 30). | July | Top 100 ranked researchers |
| Technical leaderboard | Recognize the Top 10 researchers within each eligible bounty program. Technical rankings are published as part of both the Biannual and Annual leaderboard releases and are separate from overall Most Valuable Researcher (MVR). Annual Technical Leaderboards may include researchers who are not part of the MVR Top 100. | Published with Biannual and Annual Leaderboards | Top 10 ranked researchers within each eligible bounty program. |
Swag
Researchers who place on the biannual or annual leaderboards are recognized with curated swag as part of the program. Biannual leaderboard recipients can select items from available SwagMagic offerings. Each year, Microsoft’s Most Valuable Researchers receive a specially designed swag box following the annual MVR announcement. Eligible researchers will be contacted directly by our team with further details.
How to set your leaderboard name or choose to be displayed as anonymous
To appear by name or alias on leaderboards, confirm your Preferred Name and Recognition Preference in the Researcher Portal.
You can update your Preferred Name and Recognition Preference anytime in your MSRC Researcher Portal account. Preferred Names cannot be changed after publication. Both fields must be completed for you to receive recognition on the Leaderboard.
1. Select your recognition program preference
Researcher recognition is opt-in. By default, researchers are shown as anonymous unless they choose to be recognized by name or alias. Select one of the following options in your MSRC Researcher Portal profile:
- Opt-in to the researcher recognition program by selecting the toggle to display my Preferred Name
- Opt-out of the researcher recognition program to be displayed as anonymous
2. Provide your preferred name for recognition
If you choose to display a Preferred Name, you may select the edit button in the Researcher Portal and update your Preferred Name as desired. Your Preferred Name does not need to be your legal name or personally identifying name. Microsoft reserves the right, in its sole discretion, to reject, remove, or decline to publish any Preferred Name that impersonates another person or organization, infringes intellectual property or other rights, or contains vulgar, offensive, discriminatory, harassing, deceptive, or otherwise inappropriate content.
Additional information
Still have questions? Email us at msrcmvr@microsoft.com.
CVE acknowledgements
Microsoft publishes CVEs for security vulnerabilities that require customers to take action to protect themselves, as well as for Critical Cloud Service vulnerabilities that do not require customer action. MSRC recognizes researchers who report to us under Coordinated Vulnerability Disclosure (CVD) when their report results in a published CVE, listing them on the Security Update Guide Acknowledgments page.
Special mentions
Special Mentions recognize researchers who submit valid security vulnerability or AI Safety reports to MSRC during the recognition period, regardless of whether the submission results in a bounty award or leaderboard ranking. This recognition celebrates meaningful contributions across Microsoft-owned cloud and on-premises products and services and provides a way to recognize researchers beyond ranked leaderboards and the Most Valuable Researcher designation.
To be eligible, researchers must have at least one valid submission assessed as Low, Moderate, Important, or Critical severity, opt-in to public recognition, and set a Preferred Name in the MSRC Researcher Portal. Eligible researchers will be recognized on a new Special Mentions page for the applicable recognition period. Special Mentions replace the previous Online Services and AI Safety acknowledgment pages. CVE acknowledgments will continue to appear on the Security Update Guide page.
FAQ
How do I update the name that appears on the Special Mentions page?
To be eligible for recognition on the Special Mentions page, you must opt in to the researcher recognition program and provide a Preferred Name in the MSRC Researcher Portal. Researchers who choose to be recognized as Anonymous or opt out of the researcher recognition program will not be included on the Special Mentions page.
You can update your Preferred Name and Recognition Preference at any time in your MSRC Researcher Portal account. Both fields must be completed to be eligible for recognition.
Microsoft reserves the right, in its sole discretion, to reject, remove, or decline to publish any Preferred Name that impersonates another person or organization, infringes intellectual property or other rights, or contains vulgar, offensive, discriminatory, harassing, deceptive, or otherwise inappropriate content.
1. Select your recognition preference
Choose one of the following options in your MSRC Researcher Portal profile:
- Opt-in to the researcher recognition program by selecting the toggle to display my Preferred Name
- Opt-out of the researcher recognition program to be displayed as anonymous
Only researchers who opt in and choose to display a Preferred Name are eligible to appear on the Special Mentions page. Researchers who choose to display their name as Anonymous or opt out of the program will not be included.
2. Provide your Preferred Name
If you choose to display your Preferred Name, select Edit in the Researcher Portal to update it. Your Preferred Name will be used for future recognition publications.
I submitted a valid report, but I do not see my name on the Special Mentions page. Why?
Researchers must:
- Have at least one valid submission assessed as Low, Moderate, Important, or Critical severity.
- Opt in to public recognition.
- Set a Preferred Name in the MSRC Researcher Portal.
New recognitions are added during the monthly publication cycle, so there may be a delay between case assessment and publication.
Will I be listed more than once if I submit multiple valid reports?
No. Special Mentions recognize eligible researchers once per fiscal year, regardless of the number of qualifying submissions.
Revision history
July 29, 2019 Information published | 2019-2025 Points-based leaderboards published | February 6, 2026 Bounty leaderboard announcement | July 1, 2026 Updated the Researcher Recognition Programs |