Date:10/06/16
Microsoft has expanded the company's bug bounty program to include new service builds which are due for release in the coming year.
The Redmond giant said on Tuesday that the new program will focus on .NET Core and ASP.NET Core RC2 beta builds of the new web application frameworks built from the ground up, announced in May this year.
According to Jason Shirk, the senior director of Microsoft's Security Response Center, the bounty will run from 7 June to 7 September this year, and rewards will range from $500 to $15,000, depending on the severity of the security flaw.
Researchers seeking a reward must submit a valid and previously unreported bug. Acceptable submissions include remote code execution (RCE) vulnerabilities, security design flaws, privilege escalation bugs, remote denial-of-service (DoS) weaknesses, information leaks and XSS vulnerabilities.
The limit for payments is set at $15,000, however, Microsoft may issue a higher amount if the reported bug warrants special treatment.
Microsoft Windows, Apple OS X and Linux platforms are supported.
The new bug bounty program joins Microsoft's Nano Server beta, Online Services and Mitigation bypass and Bounty for Defense programs. The Nano Server beta program was launched in May to improve the remotely administered, headless installation option of the server operating system.
"Bounties will be worked alongside the Security Development Lifecycle (SDL), Operational Security Assurance (OSA) framework, regular penetration testing of our products and services, and Security and Compliance Accreditations by third-party audits," Shirk says.
RC2 can be downloaded from here https://www.microsoft.com/net/download#core.
Microsoft expands bug bounty program with .NET Core rewards
Microsoft has expanded the company's bug bounty program to include new service builds which are due for release in the coming year.The Redmond giant said on Tuesday that the new program will focus on .NET Core and ASP.NET Core RC2 beta builds of the new web application frameworks built from the ground up, announced in May this year.
According to Jason Shirk, the senior director of Microsoft's Security Response Center, the bounty will run from 7 June to 7 September this year, and rewards will range from $500 to $15,000, depending on the severity of the security flaw.
Researchers seeking a reward must submit a valid and previously unreported bug. Acceptable submissions include remote code execution (RCE) vulnerabilities, security design flaws, privilege escalation bugs, remote denial-of-service (DoS) weaknesses, information leaks and XSS vulnerabilities.
The limit for payments is set at $15,000, however, Microsoft may issue a higher amount if the reported bug warrants special treatment.
Microsoft Windows, Apple OS X and Linux platforms are supported.
The new bug bounty program joins Microsoft's Nano Server beta, Online Services and Mitigation bypass and Bounty for Defense programs. The Nano Server beta program was launched in May to improve the remotely administered, headless installation option of the server operating system.
"Bounties will be worked alongside the Security Development Lifecycle (SDL), Operational Security Assurance (OSA) framework, regular penetration testing of our products and services, and Security and Compliance Accreditations by third-party audits," Shirk says.
RC2 can be downloaded from here https://www.microsoft.com/net/download#core.
Views: 415
©ictnews.az. All rights reserved.
Similar news
- Azerbaijani project to monitor disease via mobile phones
- Innovative educational system to be improved under presidential decree
- NTRC prolongs license of two TV and radio organizations for 6 years
- Azerbaijan establishes e-registry for medicines
- Azerbaijani museum introduces e-guide
- Nar Mobile opens “Nar Dunyasi” sales and service center in Siyazan city
- International conference on custom electronic services held in Baku
- OIC secretary general to attend COMSTECH meeting in Baku
- Azerbaijan develops earthquake warning system
- New law to regulate transition to digital broadcasting in Azerbaijan
- Azerbaijani State Social Protection Fund introduces electronic digital signature
- Intellectual traffic management system in Baku to be commissioned in December
- Tax Ministry of Azerbaijan started receiving video-addresses
- World Bank recommends Azerbaijan to speed up e-service introduction in real estate
- Azerbaijan to shift to electronic registration of real estate
