Microsoft today announced the beginning of a new bug bounty to pay researchers to find security holes in some of the tech giant’s recently open-sourced web development tools.
The new program specifically applies to Microsoft’s .NET Core foundational libraries known as CoreFX and the ASP.NET server-side Web app development framework. In a surprising move, Microsoft announced nearly a year ago that the software would be released under open-source licenses. Now that they’re available on GitHub, Microsoft is committing to make them better from a security standpoint by giving away $500 to $15,000 for each qualifying submission.
“This is the right thing for our customers and for the security researcher community,” ASP.NET security lead Barry Dorrans wrote in a blog post on the news.
Networking features for Linux and OS X are not part of the bug bounty initially, but they will be later on, Dorrans wrote.
This isn’t Microsoft’s first bug bounty. There have been others for the Edge browser, the Internet Explorer 11 preview, and certain parts of Microsoft Azure and Office 365.
Bug bounties have become common in the past couple of years, with companies like GitHub, Google, and Yahoo paying out for the discovery of security vulnerabilities by third-party researchers, and startups like Bugcrowd and HackerOne springing up to scoop up such bounties.