Menu
Microsoft bug bounty program adds .NET Core and ASP.NET Core

Microsoft bug bounty program adds .NET Core and ASP.NET Core

The company will pay researchers up to $15,000 for critical vulnerabilities found in these software development platforms

Microsoft has expanded its bug bounty programs to cover the open-source .NET Core and ASP.NET Core application development platforms.

The .NET Core and ASP.NET Core technologies are used to create server applications that can run on Windows, Linux, and Mac. The ability to write code once and have it run on multiple platforms have made these technologies popular with enterprise software developers.

Microsoft will pay monetary rewards between US$500 and $15,000 for critical vulnerabilities in the RTM (release to manufacturing), Beta, or RC (release candidate) releases of these platforms.

Flaws in Microsoft's cross-platform Kestrel web server are also covered by the new bug bounty program, as well as vulnerabilities in the default ASP.NET Core templates provided with the ASP.NET Web Tools Extension for Visual Studio 2015 or later.

The supported platforms are the Windows and Linux versions of .NET Core and ASP.NET Core, and higher quality reports will be rewarded with a higher bounty, Microsoft said in a blog post.

The company has ongoing bug bounty programs for Office 365, Azure, and Microsoft Edge. It also rewards researchers for finding novel exploitation techniques against the protections built into Windows, as well as for defensive ideas that can lead to new exploit mitigations.

By expanding the vulnerability rewards program to software development tools, Microsoft will draw attention to their security and indirectly benefit companies who use these technologies for their custom applications.

According to the latest State of Software Security report from application security vendor Veracode, .NET is the second most popular programming language in the enterprise space after Java. Moreover, while Java's popularity has been on the decline for the last few years, the adoption rate for .NET has steadily increased, according to Veracode's data.

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Slideshows

IN PICTURES: Ingram Micro Innovation hits Auckland with Hewlett Packard Enterprise

IN PICTURES: Ingram Micro Innovation hits Auckland with Hewlett Packard Enterprise

Ingram Micro completed its nationwide roadshow in Auckland last month, kicking off its Innovation Hour series with Hewlett Packard Enterprise. Uncovering the latest in storage, networking and servers, the event outlined key market trends for resellers in 2016 and beyond.

IN PICTURES: Ingram Micro Innovation hits Auckland with Hewlett Packard Enterprise
IN PICTURES: FireEye celebrates channel at 2016 Partner Conference

IN PICTURES: FireEye celebrates channel at 2016 Partner Conference

FireEye welcomed 143 channel partners and distributors to FireEye's 2016 annual Partner Conference, FireEye A/NZ Momentum - held at Establishment in Sydney. Delegates heard from senior trans-Tasman channel leaders, marketing and the product divisions in the morning, with FireEye customers, incident responders and threat intelligence analysts sharing knowledge during the afternoon.

IN PICTURES: FireEye celebrates channel at 2016 Partner Conference
​IN PICTURES: Disruption in the data centre - Can the Kiwi channel capitalise?​

​IN PICTURES: Disruption in the data centre - Can the Kiwi channel capitalise?​

With New Zealand businesses now open to innovation, the industry sits on the cusp of significant disruption in the data centre. Driven by software-defined networking, the future of the data centre is fast becoming reality, as the channel seeks to keep up, keep innovating and keep growing. APC by Schneider Electric, Lenovo and key partners outlined how the channel can capitalise at The Grill restaurant in Auckland.

​IN PICTURES: Disruption in the data centre - Can the Kiwi channel capitalise?​
Show Comments