microsoftheadquarters100623370orig
Security

Microsoft bug bounty program adds .NET Core and ASP.NET Core

Microsoft has expanded its bug bounty programs to cover the open-source .NET Core and ASP.NET Core application development platforms.

The .NET Core and ASP.NET Core technologies are used to create server applications that can run on Windows, Linux, and Mac. The ability to write code once and have it run on multiple platforms have made these technologies popular with enterprise software developers.

Microsoft will pay monetary rewards between US$500 and $15,000 for critical vulnerabilities in the RTM (release to manufacturing), Beta, or RC (release candidate) releases of these platforms.

Flaws in Microsoft's cross-platform Kestrel web server are also covered by the new bug bounty program, as well as vulnerabilities in the default ASP.NET Core templates provided with the ASP.NET Web Tools Extension for Visual Studio 2015 or later.

The supported platforms are the Windows and Linux versions of .NET Core and ASP.NET Core, and higher quality reports will be rewarded with a higher bounty, Microsoft said in a blog post.

The company has ongoing bug bounty programs for Office 365, Azure, and Microsoft Edge. It also rewards researchers for finding novel exploitation techniques against the protections built into Windows, as well as for defensive ideas that can lead to new exploit mitigations.

By expanding the vulnerability rewards program to software development tools, Microsoft will draw attention to their security and indirectly benefit companies who use these technologies for their custom applications.

According to the latest State of Software Security report from application security vendor Veracode, .NET is the second most popular programming language in the enterprise space after Java. Moreover, while Java's popularity has been on the decline for the last few years, the adoption rate for .NET has steadily increased, according to Veracode's data.

IDG Insider

PREVIOUS ARTICLE

« Razer replaces Blade and Blade Stealth laptop innards with newer, faster hardware

NEXT ARTICLE

Apple quashes 3 zero-days with emergency Mac update »
author_image
IDG News Service

The IDG News Service is the world's leading daily source of global IT news, commentary and editorial resources. The News Service distributes content to IDG's more than 300 IT publications in more than 60 countries.

  • Mail

Recommended for You

International Women's Day: We've come a long way, but there's still an awfully long way to go

Charlotte Trueman takes a diverse look at today’s tech landscape.

Trump's trade war and the FANG bubble: Good news for Latin America?

Lewis Page gets down to business across global tech

20 Red-Hot, Pre-IPO companies to watch in 2019 B2B tech - Part 1

Martin Veitch's inside track on today’s tech trends

Poll

Do you think your smartphone is making you a workaholic?