IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Microsoft targets .NET Core with new bug bounty rewards

Redmond offers more cash prizes for sourcing errors in its upcoming web frameworks

Microsoft Sign

Microsoft has expanded its bug bounty programme to include new web and application technologies that are due for release in the coming months.

The company's latest programme will focus on the web application frameworks .NET Core and ASP.NET Core RC2 beta builds, which were revealed last month.

Jason Shirk, senior director of Microsoft's Security Response Center, said the latest programme will run until 7 September this year.

The platforms for testing will be Windows, OS X and Linux.

Rewards for qualifying bug discoveries will range from a minimum of $500 up to $15,000, depending on the severity of the security flaw.

In order to qualify for a reward, researchers must submit an eligible and previously unreported bug. Accepted submissions include remote code execution (RCE) faults, security design flaws, remote denial-of-service (DoS) holes, spoofing weaknesses, information leaks and XSS vulnerabilities.

"Bounties will be worked alongside the Security Development Lifecycle (SDL), Operational Security Assurance (OSA) framework, regular penetration testing of our products and services, and Security and Compliance Accreditations by third party audits," said Shirk.

This new programme has succeeded Microsoft's previous CoreCLR and ASP.NET 5 beta bounty hunts.

Other Microsoft bounty programmes include the ongoing Nano Server beta, Online Services, and Mitigation bypass and Bounty for Defense programme.

More information about the .NET Core and ASP.NET Core RC2 programme can be found on the Microsoft blog and technet programme page.

The RC2 application can be downloaded here.

Microsoft frequently runs bug bounty programmes on its services. In 2014 it ran a programme for Office 365.

Featured Resources

Four strategies for building a hybrid workplace that works

All indications are that the future of work is hybrid, if it's not here already

Free webinar

The digital marketer’s guide to contextual insights and trends

How to use contextual intelligence to uncover new insights and inform strategies

Free Download

Ransomware and Microsoft 365 for business

What you need to know about reducing ransomware risk

Free Download

Building a modern strategy for analytics and machine learning success

Turning into business value

Free Download

Recommended

Microsoft to double salary budget to retain workers
Careers & training

Microsoft to double salary budget to retain workers

17 May 2022
Microsoft warns of new botnet variant targeting Windows and Linux systems
Security

Microsoft warns of new botnet variant targeting Windows and Linux systems

16 May 2022
Windows Server admins say latest Patch Tuesday broke authentication policies
Server & storage

Windows Server admins say latest Patch Tuesday broke authentication policies

12 May 2022
Actively exploited Windows vulnerability reaches peak severity when paired with popular attack
Security

Actively exploited Windows vulnerability reaches peak severity when paired with popular attack

11 May 2022

Most Popular

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack
hacking

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack

16 May 2022
Windows Server admins say latest Patch Tuesday broke authentication policies
Server & storage

Windows Server admins say latest Patch Tuesday broke authentication policies

12 May 2022
Microsoft to double salary budget to retain workers
Careers & training

Microsoft to double salary budget to retain workers

17 May 2022