Microsoft extends Bug Bounty program to include .NET Core and ASP.NET Core

Kareem Anderson

Microsoft is expanding its Bug Bounty Programs, adding .NET Core and ASP.NET Core to its suite of financially sponsored bounty searches. Starting earlier this month, on September 1, 2016, Microsoft began offering bounties for the Windows and Linux versions of two of its popular development platforms, .NET Core and ASP.NET Core. Many Windows observers may already know about .NET Core, but ASP.NET Core may be new to some.

As a bit of a refresher:

“ASP.NET Core is a new open-source and cross-platform framework for building modern cloud-based internet connected applications, such as web apps, IoT apps and mobile backends. ASP.NET Core apps can run on .NET Core or on the full .NET Framework. It was architected to provide an optimized development framework for apps that are deployed to the cloud or run on-premises. It consists of modular components with minimal overhead, so you retain flexibility while constructing your solutions. You can develop and run your ASP.NET Core apps cross-platform on Windows, Mac and Linux. ASP.NET Core is open source at GitHub.”

For those interested in getting started, Microsoft has issued these details:

  • Microsoft will pay a bounty for critical and important vulnerabilities on the latest RTM version, or supported Beta or RC releases of latest versions, of Microsoft .NET Core and ASP.NET Core
  • It includes vulnerabilities in the default ASP.NET Core templates provided with the ASP.NET Web Tools Extension for Visual Studio 2015 or later
  • Also included is Kestrel, Microsoft’s new web server
  • The supported platforms are Windows and Linux versions of .NET Core and ASP.NET Core
  • The vulnerability must both be submitted on and reproduce on the latest RTM version, or on supported Beta or RC releases above the current RTM version to qualify for a bounty
  • The better the quality of your report, the greater the payment will be
  • The bounty will begin on September 1, 2016 and run indefinitely (ending at Microsoft’s discretion)
  • Bounty payouts will range from $500 USD to $15,000 USD

For anyone looking to test out .NET Core or ASP.NET Core for themselves, Microsoft is encouraging downloads of the respective sources with Visual Studio 2015 Update 3, .NET Core 1.0.0 – VS 2015 Tooling Preview 2 or .NET Core SDK for Windows.