Microsoft targets .NET Core with new bug bounty rewards

Redmond offers more cash prizes for sourcing errors in its upcoming web frameworks

Microsoft has expanded its bug bounty programme to include new web and application technologies that are due for release in the coming months.

The company's latest programme will focus on the web application frameworks .NET Core and ASP.NET Core RC2 beta builds, which were revealed last month.

Jason Shirk, senior director of Microsoft's Security Response Center, said the latest programme will run until 7 September this year.

The platforms for testing will be Windows, OS X and Linux.

Rewards for qualifying bug discoveries will range from a minimum of $500 up to $15,000, depending on the severity of the security flaw.

In order to qualify for a reward, researchers must submit an eligible and previously unreported bug. Accepted submissions include remote code execution (RCE) faults, security design flaws, remote denial-of-service (DoS) holes, spoofing weaknesses, information leaks and XSS vulnerabilities.

"Bounties will be worked alongside the Security Development Lifecycle (SDL), Operational Security Assurance (OSA) framework, regular penetration testing of our products and services, and Security and Compliance Accreditations by third party audits," said Shirk.

This new programme has succeeded Microsoft's previous CoreCLR and ASP.NET 5 beta bounty hunts.

Other Microsoft bounty programmes include the ongoing Nano Server beta, Online Services, and Mitigation bypass and Bounty for Defense programme.

More information about the .NET Core and ASP.NET Core RC2 programme can be found on the Microsoft blog and technet programme page.

The RC2 application can be downloaded here.

Microsoft frequently runs bug bounty programmes on its services. In 2014 it ran a programme for Office 365.

Featured Resources

Defeating ransomware with unified security from WatchGuard

How SMBs can defend against the onslaught of ransomware attacks

Free download

The IT expert’s guide to AI and content management

How artificial intelligence and machine learning could be critical to your business

Free download

The path to CX excellence

Four stages to thrive in the experience economy

Free download

Becoming an experience-based business

Your blueprint for a strong digital foundation

Free download

Recommended

Bug fixes and app updates arrive with latest Windows 11 preview build
Microsoft Windows

Bug fixes and app updates arrive with latest Windows 11 preview build

17 Sep 2021
Podcast transcript: Are foldable phones more than a fad?
Mobile

Podcast transcript: Are foldable phones more than a fad?

17 Sep 2021
The IT Pro Podcast: Are foldable phones more than a fad?
Mobile

The IT Pro Podcast: Are foldable phones more than a fad?

17 Sep 2021
Microsoft appoints Brad Smith as vice chair
Careers & training

Microsoft appoints Brad Smith as vice chair

15 Sep 2021

Most Popular

Zoom: From pandemic upstart to hybrid work giant
video conferencing

Zoom: From pandemic upstart to hybrid work giant

14 Sep 2021
What are the pros and cons of AI?
machine learning

What are the pros and cons of AI?

8 Sep 2021
Google takes down map showing homes of 111,000 Guntrader customers
data breaches

Google takes down map showing homes of 111,000 Guntrader customers

2 Sep 2021