back to article Microsoft flashes cash for security bugs in ASP.NET and .NET Core

Microsoft has launched a bug bounty program for ASP.NET and .NET Core, its open-source web application framework for Windows, Linux, and OS X. .NET Core is a fork of the Windows-only .NET Framework and is still in beta, as is ASP.NET 5, for which beta 8 was released earlier this month. The company will pay from $500 to $15,000 …

  1. elDog

    Too bad these bounties weren't available back in ASP/NET 1.0...

    There would be some rich hunters in the early days.

    In other news, Microsoft is offering $US 0.00001 for every user that has cursed the backslash in pathnames.

    1. Anonymous Coward
      Anonymous Coward

      Re: Too bad these bounties weren't available back in ASP/NET 1.0...

      "There would be some rich hunters in the early days."

      .Net has had a tiny amount of vulnerabilities versus say Java or PHP. It's a historically very secure runtime platform, so I wouldn't count your chickens just yet...

  2. FozzyBear
    Devil

    Presumably the company is betting that developers using its web application framework, even in open source guise, will find themselves drawn towards hosting on Azure, or using a SQL Server database, or linking with Microsoft services such as Office 365 or Azure Active Directory.®

    They bet wrong. Main reason I have moved away from Microslop is so I don't have to use their crap.

    1. Anonymous Coward
      Anonymous Coward

      "They bet wrong"

      Not here - we are busy moving from Amazon to Azure. It's a more powerful product and easier to integrate, use and manage.

    2. Loyal Commenter Silver badge

      "It is better to keep your mouth closed and let people think you are a fool than to open it and remove all doubt."

      - Mark Twain

      I can't speak for Azure, or Office 365, not having used them, but I do have in-depth knowledge and experience of SQL Server, and found it to be rock solid.

  3. Bronek Kozicki

    Good move

    They are putting money on the table for people to test their open source code. Are we really talking Microsoft here?

    I, for one, would rather use .NET than PHP - but I want it running on Linux. Now that I can see real commitment on Microsoft side, this may yet become viable choice.

    1. dogged

      Re: Good move

      Understandable. I'd rather use Malbolge than bloody PHP.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like