Microsoft has expanded its bug bounty programs to cover the open-source .NET Core and ASP.NET Core application development platforms.
The .NET Core and ASP.NET Core technologies are used to create server applications that can run on Windows, Linux, and Mac. The ability to write code once and have it run on multiple platforms have made these technologies popular with enterprise software developers.
Microsoft will pay monetary rewards between US$500 and $15,000 for critical vulnerabilities in the RTM (release to manufacturing), Beta, or RC (release candidate) releases of these platforms.
Flaws in Microsoft's cross-platform Kestrel web server are also covered by the new bug bounty program, as well as vulnerabilities in the default ASP.NET Core templates provided with the ASP.NET Web Tools Extension for Visual Studio 2015 or later.
The supported platforms are the Windows and Linux versions of .NET Core and ASP.NET Core, and higher quality reports will be rewarded with a higher bounty, Microsoft said in a blog post.