Microsoft is expanding its bug bounty program with a special initiative that will focus on .NET Core and ASP.NET Core RC2. Between June 7 and September 7, Microsoft will pay between $500 and $15,000 (and possibly more) for bugs in the beta builds of its Web application development frameworks.
In order to receive the payout, security researchers must submit bugs that are valid and previously unreported. As part of the program, Microsoft will accept a wide variety of vulnerabilities, including remote code execution (RCE) vulnerabilities, security design flaws, privilege escalation bugs, remote denial-of-service (DoS) weaknesses, information leaks and cross-site scripting (XSS) vulnerabilities.
