November 24th, 2015

.NET Core and ASP.NET Bug Bounty Update

Barry Dorrans
Technical Program Manager (Security)

As we’ve now released RC1 of .NET Core and ASP.NET restrictions on areas for investigation are now lifted. The entire cross platform stack, including networking is now in scope and eligible for bounty submissions.

The ASP.NET web site has instructions on how to install RC1 on Windows, Linux and OS X. Windows researchers can use Visual Studio 2015, including the free Visual Studio 2015 Community Edition, after installing RC1 from https://get.asp.net. The source for .NET Core can be found on GitHub at https://github.com/dotnet/corefx. The source for ASP.NET v5 can be found on GitHub at https://github.com/aspnet.

As before we encourage you to read the program terms and FAQs before beginning your research or reporting a vulnerability.

Author

Barry Dorrans
Technical Program Manager (Security)

Barry is the Security TPM for .NET, shepherding fixes for security bugs and vulnerabilities.

0 comments

Discussion are closed.