Microsoft today announced the beginning of a new bug bounty to pay researchers to find security holes in some of the tech giant's recently open-sourced web development tools.
The new program specifically applies to Microsoft's .NET Core foundational libraries known as CoreFX and the ASP.NET server-side Web app development framework. In a surprising move, Microsoft announced nearly a year ago that they would be released under open-source licenses, and now that they're available on GitHub, Microsoft is committing to make them better from a security standpoint, by giving away $500-$15,000 for each qualifying submission.
“This is the right thing for our customers and for the security researcher community,” ASP.NET security lead Barry Dorrans wrote in a blog poston the news.
Networking features for Linux and OS X are not part of the bug bounty initially, but they will be later on, Dorrans wrote.
This isn't Microsoft's first bug bounty. There have been others for the Edge browser, the Internet Explorer 11 preview, and certain parts ofMicrosoft Azure and Office 365.
Bug bounties have become common in the past couple of years, with companies like GitHub,Google, and Yahoo paying out for the discovery of security vulnerabilities by third-party researchers, and startups like BugCrowd and HackerOneoffering to run them.
Source :VentureBeat
0 comments:
Post a Comment