It’s with a great deal of pleasure that I can announce an on-going bug bounty for .NET Core and ASP.NET Core, our cross platform runtime and web stack.

During the RC1 and RC2 bounty periods we received quite a few interesting, intriguing and even puzzling bugs which we’ve addressed. The RC 1 bounty included one report which prompted an entire rewrite of a feature to make it easier for developers to use successfully.

Nothing makes me happier than being able to reward and recognize security researchers for their hard work in discovering and reporting these bugs and I look forward to continuing working with and compensating researchers for their efforts. The entire team recognizes the value of bug bounties and we view them as having two great values, it’s both the right thing to do for our customers and the right thing to do for the security researcher community.

The bounty includes both the Windows and Linux versions of .NET Core and ASP.NET Core, and includes Kestrel, our new web server. It encompasses the current release version, and the latest supported beta, or release candidate of any future versions.