Microsoft Extends Bug Bounty Program to ASP.NET and .NET Core

In late October Microsoft extended it’s Bug Bounty for security vulnerabilities within it’s Core CLR (Common Language Runtime), the execution engine for .Net Core, and ASP.Net (both technologies are open source and currently in late beta testing). These technologies are used to build web applications and in the implementation of websites.

As with previous bug bounties security researchers will be rewarded financially for discovering and responsibly disclosing (defined) these flaws to Microsoft. Their submissions need to include both a functioning exploit and a high quality white-paper. The newly extended bounty program which includes the above mentioned technologies will run from the 20th of October 2015 until the 20th of January 2016.

I’m very pleased to see that Microsoft continues to extend their bug bounty program to include the fundamental frameworks used to create web apps and websites. Any successful submissions will not only benefit the researchers but all of the customers who use and will use these technologies in the future.

Bounties for Online Services, Microsoft Edge and Internet Explorer 11 Technical Preview have been paid out in the past illustrating the success of such programs which benefits everyone.

Further details of the bug programme for ASP.NET and .NET Core are available within the following links:

Microsoft Bounty Programs Expansion – .NET Core and ASP.NET Beta Bounty
Microsoft Bounty Programs
Microsoft CoreCLR and ASP.NET 5 Beta Bug Bounty Program Terms

Thank you.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s