Barry Dorrans

Security PM, .NET

Barry is the Security PM for .NET, shepherding fixes for security bugs and vulnerabilities.

Post by this author

ASP.NET Core 6 and Authentication Servers

In .NET 3.0 we began shipping IdentityServer4 as part of our template to support the issuing of JWT tokens for SPA and Blazor applications. Sometime after we shipped, the IdentityServer team made an announcement changing the license for future versions of IdentityServer to a reciprocal public license - a license where the code is still open ...

Upcoming SameSite Cookie Changes in ASP.NET and ASP.NET Core

SameSite is a 2016 extension to HTTP cookies intended to mitigate cross site request forgery (CSRF). The original design was an opt-in feature which could be used by adding a new SameSite property to cookies. It had two values, Lax and Strict. Setting the value to Lax indicated the cookie should be sent on navigation within the same site, or ...

ASP.NET Core 2.1.0-preview1: GDPR enhancements

2018 sees the introduction of the General Data Protection Regulation, an EU framework to allow EU citizens to control, correct and delete their data, no matter where in the word it is held. In ASP.NET Core 2.1 Preview 1 we’ve added some features to the ASP.NET Core templates to allow you to meet some of your GDPR obligations, as well as a ...

Announcing the ongoing Bug Bounty for .NET Core and ASP.NET Core

It's with a great deal of pleasure that I can announce an on-going bug bounty for .NET Core and ASP.NET Core, our cross platform runtime and web stack. During the RC1 and RC2 bounty periods we received quite a few interesting, intriguing and even puzzling bugs which we've addressed. The RC 1 bounty included one report which prompted an entire...

Announcing a new .NET and ASP.NET Core Bug Bounty

Now that you're all updated to RC2 I am pleased to announce a further 3 month bug bounty program for .NET Core and ASP.NET Core, our cross platform runtime and web stack. The program encompasses the RC2 and, should its release fall within the 3 months programme period, the RTM version. The bounty will run from 7th June 2016 till 7th ...

.NET Core and ASP.NET Bug Bounty Update

As we've now released RC1 of .NET Core and ASP.NET restrictions on areas for investigation are now lifted. The entire cross platform stack, including networking is now in scope and eligible for bounty submissions.The ASP.NET web site has instructions on how to install RC1 on Windows, Linux and OS X. Windows researchers can use Visual ...

Feedback usabilla icon