Microsoft Offering Up to $15,000 in .NET Core and ASP.NET Bug Bounty Rewards
Microsoft recently launched the .NET Core and ASP.NET Beta, and today it announced the very first bug bounty program for the development suite – supposed to encourage security researchers to look for flaws in its code.
Microsoft says the bounty program will remain open through January 20 and payouts range from $500 to $15,000, depending on the type of flaw you find.
“This bounty is particularly interesting because the libraries and functions included in .NET enable developers to write their own programs with great security and stability, increasingly on many operating systems,” wrote Jason Shirk, senior director of the Microsoft Security Response Center (MSRC) in a blog post published today. “This will extend to all supported platforms, initially including Linux and OS X, with some current exclusions to non-Windows platforms.”
The .NET Core and ASP.NET beta bounties are the second Microsoft programs for individual vulnerabilities in software. Earlier, the company opened an online services bounty on Sept. 23 last year that applies to vulnerabilities found in eligible Microsoft online services such as Office 365 and Azure services.
In order to participate in this program, you must be 14 or older, live in any country without US sanctions, and not work for Microsoft. You can read the full terms of the program HERE.