Jason Shirk of the Microsoft Security Response Center announced yesterday that the company is again expanding its bug bounty programs to include the .NET Core and ASP.NET Beta. The bounty programs are essentially hit lists for various bugs, where Microsoft pays contributors rewards for finding and fixing bugs throughout the company’s software stack.
Microsoft projects like .NET Core, having been recently been open sourced, are expanding to become the backbone for not just Microsoft’s software ecosystem, but for the company’s cross platform endeavors. As such, it is paramount Microsoft expands the bounty program’s reach as much as possible to incentivize independent contributors and developers to help the company solve down bugs and problems.
The expanded bounty programs include:
- .NET Core and ASP.NET Beta 8 and any subsequent Betas or Release Candidates during the bounty period
- Supported platforms on Windows, OS X and Linux
- The bounty will run October 20, 2015 – January 20, 2016
- Bounty payouts will range from $500 USD to $15,000 USD
Up to date information on the program can be found here.