Microsoft targets .NET Core with new bug bounty rewards

Redmond offers more cash prizes for sourcing errors in its upcoming web frameworks

Microsoft has expanded its bug bounty programme to include new web and application technologies that are due for release in the coming months.

The company's latest programme will focus on the web application frameworks .NET Core and ASP.NET Core RC2 beta builds, which were revealed last month.

Jason Shirk, senior director of Microsoft's Security Response Center, said the latest programme will run until 7 September this year.

The platforms for testing will be Windows, OS X and Linux.

Advertisement
Advertisement - Article continues below

Rewards for qualifying bug discoveries will range from a minimum of $500 up to $15,000, depending on the severity of the security flaw.

In order to qualify for a reward, researchers must submit an eligible and previously unreported bug. Accepted submissions include remote code execution (RCE) faults, security design flaws, remote denial-of-service (DoS) holes, spoofing weaknesses, information leaks and XSS vulnerabilities.

"Bounties will be worked alongside the Security Development Lifecycle (SDL), Operational Security Assurance (OSA) framework, regular penetration testing of our products and services, and Security and Compliance Accreditations by third party audits," said Shirk.

This new programme has succeeded Microsoft's previous CoreCLR and ASP.NET 5 beta bounty hunts.

Other Microsoft bounty programmes include the ongoing Nano Server beta, Online Services, and Mitigation bypass and Bounty for Defense programme.

More information about the .NET Core and ASP.NET Core RC2 programme can be found on the Microsoft blog and technet programme page.

The RC2 application can be downloaded here.

Microsoft frequently runs bug bounty programmes on its services. In 2014 it ran a programme for Office 365.

Featured Resources

The IT Pro guide to Windows 10 migration

Everything you need to know for a successful transition

Download now

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Software-defined storage for dummies

Control storage costs, eliminate storage bottlenecks and solve storage management challenges

Download now

6 best practices for escaping ransomware

A complete guide to tackling ransomware attacks

Download now
Advertisement

Recommended

Visit/hardware/laptops/354275/microsoft-surface-laptop-3-15in-review-ryzen-falls
Laptops

Microsoft Surface Laptop 3 15in review: Ryzen falls

4 Dec 2019
Visit/cloud/354231/the-it-pro-podcast-is-the-future-multi-cloud
Cloud

The IT Pro Podcast: Is the future multi-cloud?

29 Nov 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019
Visit/business-strategy/collaboration/354160/microsoft-teams-surpasses-20-million-daily-users
collaboration

Microsoft Teams surpasses 20 million daily users

20 Nov 2019

Most Popular

Visit/cloud/microsoft-azure/354230/microsoft-not-amazon-is-going-to-win-the-cloud-wars
Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019
Visit/hardware/354237/five-signs-that-its-time-to-retire-it-kit
Sponsored

Five signs that it’s time to retire IT kit

29 Nov 2019
Visit/business/business-strategy/354252/huawei-takes-the-us-trade-sanctions-into-its-own-hands
Business strategy

Huawei takes the US trade sanctions into its own hands

3 Dec 2019
Visit/mobile/mobile-phones/354273/pablo-escobars-brother-launches-budget-foldable-phone
Mobile Phones

Pablo Escobar's brother launches budget foldable phone

4 Dec 2019