Menu
Microsoft to pay up to US$15K for bugs in two Visual Studio tools

Microsoft to pay up to US$15K for bugs in two Visual Studio tools

The program applies to .NET Core and ASP.NET, part of Microsoft's runtime and web stack

Microsoft has started a three-month bug bounty program for two tools that are part of Visual Studio 2015.

The program applies to the beta versions of Core CLR, which is the execution engine for .NET Core, and ASP.NET, Microsoft's framework for building websites and web applications. Both are open source.

"The more secure we can make our frameworks, the more secure your software can be," wrote Barry Dorrans, security lead for ASP.NET, in a blog post on Tuesday.

All supported platforms that .NET Core and ASP.NET run on will be eligible for bounties except for beta 8, which will exclude the networking stack for Linux and OS X, Dorrans wrote.

"In later beta and RC releases, once our cross-platform networking stack matches the stability and security it has on Windows, we'll include it within the program," he wrote.

Bounties range from $500 to $15,000, although Microsoft will reward more "depending on the entry quality and complexity." The program started on Oct. 20 and will conclude on Jan. 20, 2016.

The highest reward will go to researchers who've found a remote code execution bug with a functioning exploit and an accompanying, high-quality white paper. On the low end, cross-site scripting or cross-site request forgery bugs with a low-quality report will get $500.

Microsoft is one of many major vendors that have embraced rewarding independent researchers for their work. The advantage of such programs is that a wide variety of people can look at the code, increasing the chance that bugs will be discovered.


Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Featured

Slideshows

Sizing up the NZ security spectrum - Where's the channel sweet spot?

Sizing up the NZ security spectrum - Where's the channel sweet spot?

From new extortion schemes, outside threats and rising cyber attacks, the art of securing the enterprise has seldom been so complex or challenging. With distance no longer a viable defence, Kiwi businesses are fighting to stay ahead of the security curve. In total, 28 per cent of local businesses faced a cyber attack last year, with the number in New Zealand set to rise in 2017. Yet amidst the sensationalism, media headlines and ongoing high profile breaches, confusion floods the channel, as partners seek strategic methods to combat rising sophistication from attackers. In sizing up the security spectrum, this Reseller News roundtable - in association with F5 Networks, Kaspersky Lab, Tech Data, Sophos and SonicWall - assessed where the channel sweet spot is within the New Zealand channel. Photos by Maria Stefina.

Sizing up the NZ security spectrum - Where's the channel sweet spot?
Kiwi channel comes together for another round of After Hours

Kiwi channel comes together for another round of After Hours

The channel came together for another round of After Hours, with a bumper crowd of distributors, vendors and partners descending on The Jefferson in Auckland. Photos by Maria Stefina.​

Kiwi channel comes together for another round of After Hours
Show Comments