Now you can join the ranks of Boba Fett and Dog the Bounty Hunter! Microsoft is taking the stability of their open source CoreCLR and ASP.NET 5 stacks to the people by offering up cash rewards for developers who can find, and prove, defects in the CoreCLR or ASP.NET 5. Not every bug is created equal of course and the pay scale is based on the severity of the defect and the ability of the developer to show the exploit working. It also doesn’t include the entire beta stack but there’s ample opportunity to find defects.
The bounty includes all supported platforms .NET Core and ASP.NET runs on; Windows, Linux and OS X. However with the first eligible release, beta 8, we are excluding the networking stack on Linux and OS X. In later beta and RC releases, once our cross platform networking stack matches the stability and security it has on Windows, we’ll include it within the program. — .NET Web Development and Tools Blog
The payouts are outlined in a table on the official Program Terms page with the highest rewards of $15,000 going for functional exploits that allow remote code execution and the lowest for seemingly poorly documented CSRF and XSS defects which will fetch a mere $500.