Menu
Microsoft to pay up to US$15K for bugs in two Visual Studio tools

Microsoft to pay up to US$15K for bugs in two Visual Studio tools

The program applies to .NET Core and ASP.NET, part of Microsoft's runtime and web stack

Microsoft has started a three-month bug bounty program for two tools that are part of Visual Studio 2015.

The program applies to the beta versions of Core CLR, which is the execution engine for .NET Core, and ASP.NET, Microsoft's framework for building websites and web applications. Both are open source.

"The more secure we can make our frameworks, the more secure your software can be," wrote Barry Dorrans, security lead for ASP.NET, in a blog post on Tuesday.

All supported platforms that .NET Core and ASP.NET run on will be eligible for bounties except for beta 8, which will exclude the networking stack for Linux and OS X, Dorrans wrote.

"In later beta and RC releases, once our cross-platform networking stack matches the stability and security it has on Windows, we'll include it within the program," he wrote.

Bounties range from $500 to $15,000, although Microsoft will reward more "depending on the entry quality and complexity." The program started on Oct. 20 and will conclude on Jan. 20, 2016.

The highest reward will go to researchers who've found a remote code execution bug with a functioning exploit and an accompanying, high-quality white paper. On the low end, cross-site scripting or cross-site request forgery bugs with a low-quality report will get $500.

Microsoft is one of many major vendors that have embraced rewarding independent researchers for their work. The advantage of such programs is that a wide variety of people can look at the code, increasing the chance that bugs will be discovered.

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Featured

Slideshows

Arrow exclusively introduces Tenable Network Security to A/NZ channel

Arrow exclusively introduces Tenable Network Security to A/NZ channel

Arrow Electronics introduced Tenable Network Security to local resellers in Sydney last week, officially launching the distributor's latest security partnership across Australia and New Zealand. Representing the first direct distribution agreement locally for Tenable specifically, the deal sees Arrow deliver security solutions directly to mid-market and enterprise channel partners on both sides of the Tasman.

Arrow exclusively introduces Tenable Network Security to A/NZ channel
Examining the changing job scene in the Kiwi channel

Examining the changing job scene in the Kiwi channel

Typically, the New Year brings new opportunities for personnel within the Kiwi channel. 2017 started no differently, with a host of appointments, departures and reshuffles across vendor, distributor and reseller businesses. As a result, the job scene across New Zealand has changed - here’s a run down of who is working where in the year ahead…

Examining the changing job scene in the Kiwi channel
​What are the top 10 tech trends for New Zealand in 2017?

​What are the top 10 tech trends for New Zealand in 2017?

Digital Transformation (DX) has been a critical topic for business over the last few years and IDC is now predicting a step change as DX reaches macroeconomic levels. By 2020 a DX economy will emerge and it will become the core of what New Zealand industries focus on. From the board level through to the C-Suite, Kiwi organisations must be prepared to think and act digital when the DX economy emerges in 2017.

​What are the top 10 tech trends for New Zealand in 2017?
Show Comments