Microsoft .NET Core and ASP.NET Core Release Candidate Bug Bounty Program
On October 20, 2015, Microsoft announced a bounty program for .NET Core CLR and ASP.NET 5 Betas shipping with Visual Studio 2015. This program concluded on January 20, 2016 and on June 7, 2016, Microsoft announced the successor of the program to include the .NET Core and ASP.NET Core Beta Builds and any RTM versions released within the bounty program. Individuals across the globe have the opportunity to submit vulnerabilities found in the latest release candidates, or RTM version of .NET Core and ASP.NET Core running on Windows, Linux, and MacOS. Qualified submissions are eligible for payment from a minimum of $500 USD to $15,000 USD, and bounties will be paid out at Microsoft’s discretion based on the quality and complexity of the vulnerability. Microsoft may pay more than $15,000 USD, depending on the entry quality and complexity.