Microsoft bug bounty program expanded

Microsoft has expanded bug bounty program to cover open source .NET Core , ASP.NET Core application development platforms.

The .NET Core , ASP.NET Core technologies are used to create server applications that can run on Windows – Linux- Mac. The ability to write code once and have it run on multiple platforms have made these technologies popular with enterprise software developers.

Microsoft will pay monetary rewards between US$500 – $15,000 for critical vulnerabilities in the RTM (release to manufacturing), Beta, or RC (release candidate) releases of these platforms.

Flaws in Microsoft’s cross-platform Kestrel web server are also covered by new bug bounty program, as well as vulnerabilities in default ASP.NET Core templates provided with ASP.NET Web Tools Extension for Visual Studio 2015 or later.

The supported platforms are Windows – Linux versions of .NET Core , ASP.NET Core, higher quality reports will be rewarded with a higher bounty, Microsoft said in a blog post.

company has ongoing bug bounty programs for Office 365, Azure, Microsoft Edge. It also rewards researchers for finding novel exploitation techniques against protections built into Windows, as well as for defensive ideas that can lead to new exploit mitigations.

Accord to the latest State of Software Security report from application security vendor Veracode, .NET is the second most popular programming language in enterprise space after Java. Moreover, while Java’s popularity has been on decline for last few years, adoption rate for .NET has steadily increased, according to Veracode’s data.

Leave a Reply