Microsoft has announced that it is extending its bug bounty programme to both the Windows and Linux versions of .NET Core and ASP.NET Core.
The bounty payouts will range from US$500 to US$15,000, depending on the nature of the bugs found. Microsoft classifies security vulnerabilities based on their impact as critical, important, moderate and low.
Bounties will be paid for critical and important bugs found in the latest release to manufacturing version of release candidates of the two software packages mentioned.
This will include the default ASP.NET Core templates which come along with the ASP.NET Web Tools Extension for Visual Studio 2015 or later.
{loadposition sam08}Also included is the new Web server from Microsoft known as Kestrel.
In order to qualify for a payment, the vulnerability must be submitted on, and reproducible on the latest RTM version or on supported beta or RC releases.
Payments will vary depending on the quality of documentation provided.
Microsoft has a number of active bounty programmes for other applications that it sells.