Microsoft targets .NET Core with new bug bounty rewards
Redmond offers more cash prizes for sourcing errors in its upcoming web frameworks
Microsoft has expanded its bug bounty programme to include new web and application technologies that are due for release in the coming months.
The company's latest programme will focus on the web application frameworks .NET Core and ASP.NET Core RC2 beta builds, which were revealed last month.
Jason Shirk, senior director of Microsoft's Security Response Center, said the latest programme will run until 7 September this year.
The platforms for testing will be Windows, OS X and Linux.
Rewards for qualifying bug discoveries will range from a minimum of $500 up to $15,000, depending on the severity of the security flaw.
In order to qualify for a reward, researchers must submit an eligible and previously unreported bug. Accepted submissions include remote code execution (RCE) faults, security design flaws, remote denial-of-service (DoS) holes, spoofing weaknesses, information leaks and XSS vulnerabilities.
"Bounties will be worked alongside the Security Development Lifecycle (SDL), Operational Security Assurance (OSA) framework, regular penetration testing of our products and services, and Security and Compliance Accreditations by third party audits," said Shirk.
This new programme has succeeded Microsoft's previous CoreCLR and ASP.NET 5 beta bounty hunts.
Other Microsoft bounty programmes include the ongoing Nano Server beta, Online Services, and Mitigation bypass and Bounty for Defense programme.
The RC2 application can be downloaded here.
Microsoft frequently runs bug bounty programmes on its services. In 2014 it ran a programme for Office 365.
Top 5 challenges of migrating applications to the cloud
Explore how VMware Cloud on AWS helps to address common cloud migration challengesDownload now
3 reasons why now is the time to rethink your network
Changing requirements call for new solutionsDownload now
All-flash buyer’s guide
Tips for evaluating Solid-State ArraysDownload now
Enabling enterprise machine and deep learning with intelligent storage
The power of AI can only be realised through efficient and performant delivery of dataDownload now