As we’ve now released RC1 of .NET Core and ASP.NET restrictions on areas for investigation are now lifted. The entire cross platform stack, including networking is now in scope and eligible for bounty submissions.
The ASP.NET web site has instructions on how to install RC1 on Windows, Linux and OS X. Windows researchers can use Visual Studio 2015, including the free Visual Studio 2015 Community Edition, after installing RC1 from https://get.asp.net. The source for .NET Core can be found on GitHub at https://github.com/dotnet/corefx. The source for ASP.NET v5 can be found on GitHub at https://github.com/aspnet.
As before we encourage you to read the program terms and FAQs before beginning your research or reporting a vulnerability.
0 comments