This is the Trace Id: 4eb0c847c082d3e440f143c9e5de3f3e

We value your research.

Explore multiple researcher recognition opportunities with MSRC

The Microsoft Researcher Recognition Program offers public thanks and recognition to security researchers who help protect our customers through discovering and sharing security vulnerabilities under Coordinated Vulnerability Disclosure

 

Bounty leaderboards

Bounty Leaderboards recognize researchers based on total bounty awards earned during the recognition period, using the bounty award in scope decision timestamp.

Visit the MSRC Leaderboard site to view current leaderboards. Leaderboards published before July 2026 used the previous points-based model.

Leaderboard typeWhat it isWhen publishedWho is recognized
Biannual leaderboardRecognizes researchers who earn qualifying bounty awards during the applicable six-month period (July 1-December 31). Includes Technical Leaderboards highlighting top researchers within eligible bounty programs.JanuaryResearchers who earn qualifying bounty awards during the biannual period.
Annual MVR leaderboardRecognizes the Top 100 ranked researchers across all bounty programs based on total qualifying bounty award amounts during the annual program period (July 1-June 30).JulyTop 100 ranked researchers
Technical leaderboardRecognize the Top 10 researchers within each eligible bounty program. Technical rankings are published as part of both the Biannual and Annual leaderboard releases and are separate from overall Most Valuable Researcher (MVR). Annual Technical Leaderboards may include researchers who are not part of the MVR Top 100.Published with Biannual and Annual LeaderboardsTop 10 ranked researchers within each eligible bounty program.
Swag

Researchers who place on the biannual or annual leaderboards are recognized with curated swag as part of the program. Biannual leaderboard recipients can select items from available SwagMagic offerings. Each year, Microsoft’s Most Valuable Researchers receive a specially designed swag box following the annual MVR announcement. Eligible researchers will be contacted directly by our team with further details.

How to set your leaderboard name or choose to be displayed as anonymous

To appear by name or alias on leaderboards, confirm your Preferred Name and Recognition Preference in the Researcher Portal.

You can update your Preferred Name and Recognition Preference anytime in your MSRC Researcher Portal account. Preferred Names cannot be changed after publication. Both fields must be completed for you to receive recognition on the Leaderboard.

1. Select your recognition program preference

Researcher recognition is opt-in. By default, researchers are shown as anonymous unless they choose to be recognized by name or alias. Select one of the following options in your MSRC Researcher Portal profile:

  • Opt-in to the researcher recognition program by selecting the toggle to display my Preferred Name
  • Opt-out of the researcher recognition program to be displayed as anonymous

2. Provide your preferred name for recognition

If you choose to display a Preferred Name, you may select the edit button in the Researcher Portal and update your Preferred Name as desired. Your Preferred Name does not need to be your legal name or personally identifying name. Microsoft reserves the right, in its sole discretion, to reject, remove, or decline to publish any Preferred Name that impersonates another person or organization, infringes intellectual property or other rights, or contains vulgar, offensive, discriminatory, harassing, deceptive, or otherwise inappropriate content.

Additional information

Still have questions? Email us at msrcmvr@microsoft.com.

CVE acknowledgements

Microsoft publishes CVEs for security vulnerabilities that require customers to take action to protect themselves, as well as for Critical Cloud Service vulnerabilities that do not require customer action. MSRC recognizes researchers who report to us under Coordinated Vulnerability Disclosure (CVD) when their report results in a published CVE, listing them on the Security Update Guide Acknowledgments page.

Special mentions

Special Mentions recognize researchers who submit valid security vulnerability or AI Safety reports to MSRC during the recognition period, regardless of whether the submission results in a bounty award or leaderboard ranking. This recognition celebrates meaningful contributions across Microsoft-owned cloud and on-premises products and services and provides a way to recognize researchers beyond ranked leaderboards and the Most Valuable Researcher designation.

To be eligible, researchers must have at least one valid submission assessed as Low, Moderate, Important, or Critical severity, opt-in to public recognition, and set a Preferred Name in the MSRC Researcher Portal. Eligible researchers will be recognized on a new Special Mentions page for the applicable recognition period. Special Mentions replace the previous Online Services and AI Safety acknowledgment pages. CVE acknowledgments will continue to appear on the Security Update Guide page.

FAQ

How do I update the name that appears on the Special Mentions page?

To be eligible for recognition on the Special Mentions page, you must opt in to the researcher recognition program and provide a Preferred Name in the MSRC Researcher Portal. Researchers who choose to be recognized as Anonymous or opt out of the researcher recognition program will not be included on the Special Mentions page.

You can update your Preferred Name and Recognition Preference at any time in your MSRC Researcher Portal account. Both fields must be completed to be eligible for recognition.

Microsoft reserves the right, in its sole discretion, to reject, remove, or decline to publish any Preferred Name that impersonates another person or organization, infringes intellectual property or other rights, or contains vulgar, offensive, discriminatory, harassing, deceptive, or otherwise inappropriate content.

1. Select your recognition preference

Choose one of the following options in your MSRC Researcher Portal profile:

  • Opt-in to the researcher recognition program by selecting the toggle to display my Preferred Name
  • Opt-out of the researcher recognition program to be displayed as anonymous

Only researchers who opt in and choose to display a Preferred Name are eligible to appear on the Special Mentions page. Researchers who choose to display their name as Anonymous or opt out of the program will not be included.

2. Provide your Preferred Name

If you choose to display your Preferred Name, select Edit in the Researcher Portal to update it. Your Preferred Name will be used for future recognition publications.

I submitted a valid report, but I do not see my name on the Special Mentions page. Why?

Researchers must:

  • Have at least one valid submission assessed as Low, Moderate, Important, or Critical severity.
  • Opt in to public recognition.
  • Set a Preferred Name in the MSRC Researcher Portal.

New recognitions are added during the monthly publication cycle, so there may be a delay between case assessment and publication.

Will I be listed more than once if I submit multiple valid reports?
No. Special Mentions recognize eligible researchers once per fiscal year, regardless of the number of qualifying submissions.

Revision history

July 29, 2019

Information published

2019-2025

Points-based leaderboards published

February 6, 2026

Bounty leaderboard announcement

July 1, 2026

Updated the Researcher Recognition Programs

Follow the Microsoft Security and Response Center (MSRC)

LinkedInXBluesky YouTube
English (United States)
Your Privacy Choices Opt-Out Icon Your Privacy Choices
Consumer Health Privacy Sitemap Contact Microsoft Privacy Manage cookies Terms of use Trademarks Safety & eco Recycling About our ads