Wednesday 9 December 2015

Microsoft announced rewards on bugs in CoreCLR and Asp.Net Beta 5

Microsoft has promised rewards to all those who find bug in Core CLR and beta 5. The program ends on 20Jan 2016.

Following vulnerabilities will not be considered:

  • Publicly-disclosed vulnerabilities which are already known to Microsoft and the wider security community
  • Vulnerabilities in anything earlier than the current public betas of CoreCLR & ASP.NET 5 ( >= beta 8)
  • Vulnerabilities in released versions of ASP.NET
  • Vulnerabilities in user-generated content
  • Vulnerabilities requiring extensive or unlikely user actions
  • Vulnerabilities which disable or do not use any built in mitigation mechanisms
  • Low impact CSRF bugs
  • Server-side information disclosure
  • Vulnerabilities in platform technologies that are not unique to CoreCLR or ASP.NET (for example IIS, OpenSSL etc.)
  • Networking bugs in Beta 8 are not included.

No comments:

Post a Comment