Microsoft Bounty Program expansion – .NET Core and ASP.NET RC2 Beta Bounty

Today I have another exciting expansion of the Microsoft Bounty Program. Please visit to find out more. As we approach release for .NET Core and ASP.NET, we would like to get even more feedback from the security research community. We are offering a bounty on the .NET Core and ASP.NET Core RC2 Beta Build which was announced on May 16, 2016.

The program highlights are:

  • Bounty applies to .NET Core, ASP.NET Core RC2 and any subsequent release candidates during the bounty period, or the final RTM version if released within the bounty period.
  • Supported platforms are Windows, OS X and Linux.
  • The bounty will run June 7, 2016 to September 7, 2016.
  • Bounty payouts will range from $500 USD to $15,000 USD.
  • You can install the RC2 from

This new bounty will be in addition to our ongoing Nano Server beta, Online Services, and Mitigation bypass and Bounty for Defense bounty programs. These additions are a part of the rigorous security programs at Microsoft. Bounties will be worked alongside the Security Development Lifecycle (SDL), Operational Security Assurance (OSA) framework, regular penetration testing of our products and services, and Security and Compliance Accreditations by third party audits.

As always, the most up-to-date information about the Microsoft Bounty Programs can be found at and in the associated terms and FAQs.

Happy hacking!

Jason Shirk