Today, I have another exciting expansion of the Microsoft Bounty Programs to announce. Please visit https://aka.ms/bugbounty to find out more. I’ll be discussing this new bounty in my talk at SyScan360 on October 21, 2015. We are delighted to offer a bounty for the .NET Core and ASP.NET Beta which Microsoft released earlier this month.
.NET and ASP.NET represent critical building blocks in the Visual Studio Development Suite. This bounty is particularly interesting because the libraries and functions included in .NET enable developers to write their own programs with great security and stability, increasingly on many Operating Systems. This will extend to all supported platforms, initially including Linux and OS X, with some current exclusions to non-Windows platforms. You can find more information in the FAQs, .NET program terms and the .NET team’s blog. The highlights are as follows:
.NET Core and ASP.NET Beta 8 and any subsequent Betas or Release Candidates during the bounty period
Presently includes supported platforms on Windows, OS X and Linux
The bounty will run October 20, 2015 – January 20, 2016
Bounty payouts will range from $500 USD to $15,000 USD
These additions to the Microsoft Bounty Program will be part of the rigorous security programs at Microsoft. Bounties will be worked alongside the Security Development Lifecycle (SDL), Operational Security Assurance (OSA) framework, regular penetration testing of our products and services, and Security and Compliance Accreditations by third party audits.
As always, the most up-to-date information about the Microsoft Bounty Programs can be found at https://aka.ms/BugBounty and in the associated terms and FAQs.