Microsoft Opens Limited Bug Bounty for CoreCLR and ASP.NET 5 Betas

Microsoft Opens Limited Bug Bounty for CoreCLR and ASP.NET 5 Betas

13 February, 2016 by img Jatin Panchal in ASP.Net Development
Microsoft Opens Limited Bug Bounty for CoreCLR and ASP.NET 5 Betas

The bounty program of Microsoft implies lucrative rewards for individuals who can scour notable threats and flaws in any new software or application developed by the company. The bug bounty program is constituted to obtain coherent data on the feasibility of programs and software as well as reward individuals with technical acumen.

Microsoft varies its monetary rewards in the bug bounty scheme from $500 to $100,000 depending on the magnitude of the risk spotted. Microsoft is planning to impart bounties amounting up to $15,000 for finding out the most detrimental facets in the unreleased beta versions of its latest CoreCLR and ASP.NET 5 application software.

The provision of varying scale of rewards in the bounty program envisions proficient research and tactful apprehension of flaws. Through such a program, Microsoft can get a pragmatic evaluation of the beta versions of CoreCLR and ASP.NET 5. Furthermore, researchers and persons adept at evaluating ASP.NET Methodologies can make the most out of this opportunity. Prior to assuming prerogatives, participants of this program have to estimate a lucid impression of the guidelines prescribed by Microsoft for the bug bounty program.

In order to consider participation in the Microsoft bug bounty scheme, individuals must assess their eligibility with respect to the criteria set by the company.

Some of the crucial elements in the criteria set by Microsoft are:

  • The risk which is reported must be new and there should be no instances of recurring setbacks. There should be no references to the findings of other researchers. Some of the examples include data protection discrepancies, encoding drawbacks etc.
  • The bounty encompasses the networking stack of beta version or RC1 version of CoreCLR. Networking bugs are excluded from the premises of the bug bounty program.
  • Reports concerning vulnerability must be affable and ready for processing. This enables a faster evaluation of the reports and quicker remunerations as per the degree of anomaly reported.

The bug bounty program commenced on October 15, 2015 and shall conclude on the 20th of January, 2016. Credible assessment of vulnerabilities and subsequent suggestions for improvement can amount to monetary rewards depending on the nature and complexity of the threat.

Microsoft enjoys sole discretion in case of rewards. The final reports are scrutinized meticulously and eligible submissions are felicitated with proper distinction. Microsoft determines rewards based on the vulnerability type and proofs submitted for validating the claim.

Some of the most common threats reported are concerned with the following aspects:

  • Privilege elevations
  • Tampering or imitations
  • Execution of remote data code
  • Template CSRF or XSS
  • Information misappropriation
  • Shortcomings in security framework
  • Remote DoS

Payments from Microsoft are done in a comprehensive manner after precise evaluation of the submitted reports by proficient engineers at Microsoft. Proper documentation and paperwork are the stand out points in the bug bounty program.

Other crucial entities to be followed in this program include complete confidentiality of the proceedings of your research. Microsoft asks for maintaining secrecy on the exploit codes discovered during evaluation of the beta versions of CoreCLR and ASP.NET 5.



Jatin Panchal

Jatin Panchal is the Founder & Managing Director at Rlogical Techsoft Pvt. Ltd. For more than a decade, he has been fostering the organization's growth in the IT horizons. He has always bestowed personalized approaches on .NET, PHP, Flutter, and Full-Stack web development projects. From startups to large enterprises, he has empowered them to accomplish business goals. By delivering successful industry-driven solutions, he is encouraging the capability of AI, ML, blockchain, and IoT into custom websites and hybrid mobile applications.

Get in Touch

Contact Us

    Input Captcha Here: captcha


    3728 N Fratney St Suite 213, Milwaukee, WI 53212, United States

    Sales Executive: +1 414 253 3132

    Contact Email: [email protected]


    5 Kew Road, TW9 2PR, London

    Contact Email: [email protected]

    sprite_image.png?v=1716852244 INDIA (Head Office)

    701 & 801 Satkar Complex, Opp Tanishq Showroom,Behind Lal Bungalow, Chimanlal Girdharlal Rd, Ahmedabad, Gujarat 380009

    Rahul Panchal: +91-9824601707
    Jatin Panchal: +91-9974202036

    Contact Email: [email protected]

    sprite_image.png?v=1716852244 JAPAN

    301 1-28-21 Hayabuchi, Tsuzuki-ku, Yokohama-shi, Kanagawa 224-0025, Japan

    Contact Email: [email protected]

    sprite_image.png?v=1716852244 Australia

    Suit 3, Level 27, 1 Farrer Place Sydney NSW 2000

    Contact Email: [email protected]