QuoVadis Posted September 5, 2016 Report Posted September 5, 2016 It’s our pleasure to announce another exciting expansion of the Microsoft Bounty Programs. Today, we will be adding .NET Core and ASP.NET Core to our suite of ongoing bounty programs. We are offering a bounty on the Windows and Linux versions of .NET Core and ASP.NET Core starting on September 1, 2016. The program highlights are: Microsoft will pay a bounty for critical and important vulnerabilities on the latest RTM version, or supported Beta or RC releases of latest versions of Microsoft .NET Core, ASP.NET Core It includes vulnerabilities in the default ASP.NET Core templates provided with the ASP.NET Web Tools Extension for Visual Studio 2015 or later Also included is Kestrel, Microsoft’s new web server The supported platforms are Windows and Linux versions of .NET Core and ASP.NET Core The vulnerability must both be submitted on and reproduce on the latest RTM version, or on supported Beta or RC releases above the current RTM version to qualify for a bounty The better the quality of your report, the greater will be the payment The bounty will begin on September 1, 2016 and run indefinitely (ending at Microsoft’s discretion) Bounty payouts will range from $500 USD to $15,000 USD https://blogs.technet.microsoft.com/msrc/2016/09/01/announcing-an-ongoing-microsoft-net-core-and-asp-net-core-bug-bounty/ 1 Quote
