Microsoft targets .NET Core with new bug bounty rewards

Redmond offers more cash prizes for sourcing errors in its upcoming web frameworks

Microsoft has expanded its bug bounty programme to include new web and application technologies that are due for release in the coming months.

The company's latest programme will focus on the web application frameworks .NET Core and ASP.NET Core RC2 beta builds, which were revealed last month.

Jason Shirk, senior director of Microsoft's Security Response Center, said the latest programme will run until 7 September this year.

The platforms for testing will be Windows, OS X and Linux.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

Rewards for qualifying bug discoveries will range from a minimum of $500 up to $15,000, depending on the severity of the security flaw.

In order to qualify for a reward, researchers must submit an eligible and previously unreported bug. Accepted submissions include remote code execution (RCE) faults, security design flaws, remote denial-of-service (DoS) holes, spoofing weaknesses, information leaks and XSS vulnerabilities.

"Bounties will be worked alongside the Security Development Lifecycle (SDL), Operational Security Assurance (OSA) framework, regular penetration testing of our products and services, and Security and Compliance Accreditations by third party audits," said Shirk.

This new programme has succeeded Microsoft's previous CoreCLR and ASP.NET 5 beta bounty hunts.

Other Microsoft bounty programmes include the ongoing Nano Server beta, Online Services, and Mitigation bypass and Bounty for Defense programme.

More information about the .NET Core and ASP.NET Core RC2 programme can be found on the Microsoft blog and technet programme page.

Advertisement - Article continues below

The RC2 application can be downloaded here.

Microsoft frequently runs bug bounty programmes on its services. In 2014 it ran a programme for Office 365.

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now
Advertisement

Recommended

Visit/cloud/cloud-computing/354478/microsoft-has-an-edge-on-aws-according-to-it-executives
cloud computing

Microsoft has an edge on AWS, according to IT executives

8 Jan 2020
Visit/hardware/354336/the-it-pro-products-of-the-year-2019-all-the-years-best-hardware
Hardware

The IT Pro Products of the Year 2019: All the year’s best hardware

24 Dec 2019
Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019
Visit/laptops/34636/microsoft-surface-laptop-3-hands-on-review-powerfully-tempting
Laptops

Microsoft Surface Laptop 3 13in review: Almost the perfect laptop

6 Dec 2019

Most Popular

Visit/policy-legislation/data-governance/354496/brexit-security-talks-under-threat-after-uk-accused-of
data governance

Brexit security talks under threat after UK accused of illegally copying Schengen data

10 Jan 2020
Visit/microsoft-windows/32066/what-to-do-if-youre-still-running-windows-7
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
Visit/hardware/laptops/354533/dell-xps-13-new-9300-hands-on-review-chasing-perfection
Laptops

Dell XPS 13 (New 9300) hands-on review: Chasing perfection

14 Jan 2020
Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020