The Complete Magazine on Open Source

Microsoft bug bounty now includes open source .Net Core and ASP.Net Core

, / 3151 0


Microsoft has expanded its existing bug bounty programme towards open source .Net Core and ASP.Net Core. The software giant is set to pay monetary rewards of up to $15,000 to developers who dig into the RTM, beta and RC releases of the community-backed platforms.

To reach a large number of developers, Microsoft is giving away bounty payouts from $500 to $15,000. This will be based on the quality of the report. In addition to .Net Core and ASP.Net Core, the bounty will be given for web server Kestrel. Developers can also find vulnerabilities in the default ASP.Net Core templates provided with the ASP.Net Web Tools Extension for Visual Studio 2015 or later.

“The vulnerability must both be submitted on and reproduce on the latest RTM version or on supported Beta or RC releases above the current RTM version to qualify for a bounty,” Microsoft’s security team said in a blog post.

Microsoft is running bug bounty programmes for products like Office 365, Azure and Edge. Also, the Redmond company is rewarding developers finding exploitation within Windows operating system.

In July, Microsoft released .Net Core 1.0 as its cross-platform open source offering for developers. The runtime platform was also reached to Red Hat Enterprise Linux and OpenShift to offer .Net framework on a variety of environments.