Microsoft .NET Core and ASP.NET Core Bug Bounty Program Terms
We are pleased to announce an ongoing .NET Core and ASP.NET Core bug bounty program starting on September 1, 2016. For the duration of the program, we invite you to email firstname.lastname@example.org to submit vulnerabilities found in the latest release candidates, or RTM version of .NET Core and ASP.NET Core running on Windows, Linux and MacOS. You can install the current RTM version and subsequent betas from https://dot.net/.
Qualified submissions are eligible for payments of $500-$15,000 USD, depending on the quality and complexity of the vulnerability as determined by Microsoft. For extremely high-quality submissions we may pay more than $15,000 USD, at our sole discretion.
WHAT CONSTITUTES AN ELIGIBLE SUBMISSION?
To be eligible for payment, your submissions must meet the following criteria:
Microsoft may reject any submission that it determines does not meet these criteria, at its sole discretion.
HOW ARE PAYMENT AMOUNTS SET?
The payment range for eligible submissions will be based upon the following:
*Higher payouts are possible, at Microsoft’s sole discretion, based on entry quality and complexity
WHAT CONSTITUTES AN INELIGIBLE SUBMISSION?
The aim of the bug bounty program is to uncover significant vulnerabilities that have a direct and demonstrable impact on the security of our users and our users’ data. While we encourage any submissions that describe security vulnerabilities in ASP.NET, the following are examples of vulnerabilities that will not earn a bounty reward under this program:
We reserve the right to reject any submission that we determine, in our sole discretion, falls into any of these categories of vulnerabilities even if otherwise eligible for a bounty.
.NET and ASP.NET BUG BOUNTY PROGRAM TIMELINES
BOUNTY PROGRAM FREQUENTLY ASKED QUESTIONS AND PROGRAM REQUIREMENTS
It is your responsibility to comply with the Microsoft Bounty Program – Comprehensive Terms listed in the FAQ. Please see the Microsoft Bounty Program FAQ to get detailed instructions on:
Thank you for participating in the Microsoft Bug Bounty Program!
Microsoft Bounty Program Navigation Bar