Microsoft to pay up to US$15K for bugs in two Visual Studio tools

Microsoft has started a three-month bug bounty program for two tools that are part of Visual Studio 2015.

The program applies to the beta versions of Core CLR, which is the execution engine for .NET Core, and ASP.NET, Microsoft’s framework for building websites and web applications. Both are open source.

“The more secure we can make our frameworks, the more secure your software can be,” wrote Barry Dorrans, security lead for ASP.NET, in a blog post on Tuesday.

All supported platforms that .NET Core and ASP.NET run on will be eligible for bounties except for beta 8, which will exclude the networking stack for Linux and OS X, Dorrans wrote.

To read this article in full or to leave a comment, please click here

Network World Security