Microsoft bug bounty now includes open source .NET Core and ASP.NET Core
Microsoft has expanded its existing bug bounty programme to cover open source .NET Core and ASP.NET Core. The software giant is set to pay monetary rewards to developers who dig into the RTM, beta and RC releases of the community-backed platforms.
To reach out to a large number of developers, Microsoft is giving away bounty payouts from US$ 500 to US$ 15,000. This will be based on the quality of the report. In addition to .NET Core and ASP. NET Core, payouts will also be made to those spotting bugs in Web server Kestrel. Developers can also find vulnerabilities in the default ASP.NET Core templates provided with the ASP. NET Web Tools Extension for Visual Studio 2015 or later.
“The vulnerability must be submitted on and reproduced on the latest RTM version or on supported beta or RC releases above the current RTM version to qualify for a bounty,” Microsoft’s security team said in a blog post.
Microsoft is running bug bounty programmes for products like Office 365, Azure and Edge. It is also rewarding developers finding exploitation within the Windows operating system.
In July, Microsoft released .NET Core 1.0 as its cross-platform open source offering for developers. The runtime platform was also developed for RHEL and OpenShift to offer .NET framework on a variety of environments.