Microsoft has launched a three-month bug bounty program for its cross platform open source web stack .NET Core and ASP.NET. Here’s the list of vulnerabilities Microsoft will be considering - and how much the company is willing to pay - as part of the program.
.NET Core is the remodelled .NET software framework while ASP.NET is the company’s server-side web applications framework. The latest versions of both are still in beta but Microsoft is eager to quickly weed out any security issues before they go into general availability.
While the bounty program covers all platforms .NET Core and ASP.NET runs on (Windows, Linux and OS X) Microsoft is excluding the networking stack on Linux and OS X for now.
"In later beta and RC releases, once our cross platform networking stack matches the stability and security it has on Windows, we'll include it within the program," Microsoft said in a blog post.
Here’s the list of bugs Microsoft is looking for and how much it’s willing to pay for those who find them:
[Via Microsoft Developer Blog]