Microsoft has promised rewards to all those who find bug in Core CLR and Asp.net beta 5. The program ends on 20Jan 2016.
Following vulnerabilities will not be considered:
Following vulnerabilities will not be considered:
- Publicly-disclosed vulnerabilities which are already known to Microsoft and the wider security community
- Vulnerabilities in anything earlier than the current public betas of CoreCLR & ASP.NET 5 ( >= beta 8)
- Vulnerabilities in released versions of ASP.NET
- Vulnerabilities in user-generated content
- Vulnerabilities requiring extensive or unlikely user actions
- Vulnerabilities which disable or do not use any built in mitigation mechanisms
- Low impact CSRF bugs
- Server-side information disclosure
- Vulnerabilities in platform technologies that are not unique to CoreCLR or ASP.NET (for example IIS, OpenSSL etc.)
- Networking bugs in Beta 8 are not included.
Find more details here: CoreCLR and ASP.NET 5 Beta Bug Bounty Program Terms
No comments:
Post a Comment