itwbennett writes: Yesterday, Microsoft started a three-month bug bounty program for two open source tools that are part of Visual Studio 2015. The program applies to the beta versions of Core CLR, which is the execution engine for .NET Core, and ASP.NET, Microsoft's framework for building websites and web applications. Bounties range from $500 to $15,000, although Microsoft will reward more 'depending on the entry quality and complexity.' The highest reward will go to researchers who've found a remote code execution bug with a functioning exploit and an accompanying, high-quality white paper. On the low end, cross-site scripting or cross-site request forgery bugs with a low-quality report will get $500.