Up to $40,000 in rewards will be given by Microsoft for critical .NET and ASP.NET Core remote code execution and privilege escalation bugs as part of its upgraded .NET bug bounty program that seeks to better reflect the challenges in discovering such vulnerabilities, BleepingComputer reports.
Microsoft will also be providing up to $30,000 and up to $20,000 in rewards for critical security feature bypass and critical remote denial-of-service flaws, respectively, with the expanded program covering not only all supported .NET and ASP.NET versions, but also F#, supported iterations of ASP.NET Core for .NET Framework, GitHub Actions in the .NET and ASP.NET Core repositories, and templates with supported .NET and ASP.NET Core versions. "We're excited to announce significant updates to the Microsoft .NET Bounty Program. These changes expand the program's scope, simplify the award structure, and offer great incentives for security researchers," said Microsoft Senior Program Manager for Researcher Incentives and Bounty Madeline Eckert.
Microsoft will also be providing up to $30,000 and up to $20,000 in rewards for critical security feature bypass and critical remote denial-of-service flaws, respectively, with the expanded program covering not only all supported .NET and ASP.NET versions, but also F#, supported iterations of ASP.NET Core for .NET Framework, GitHub Actions in the .NET and ASP.NET Core repositories, and templates with supported .NET and ASP.NET Core versions. "We're excited to announce significant updates to the Microsoft .NET Bounty Program. These changes expand the program's scope, simplify the award structure, and offer great incentives for security researchers," said Microsoft Senior Program Manager for Researcher Incentives and Bounty Madeline Eckert.
