Microsoft expands its Bounty bug finding program to Edge, offers up to $15,000 in rewards

Dave W. Shanahan


Microsoft will be hosting a bug bounty looking for Remote Code Execution vulnerabilities in Edge on Windows Insider Preview builds. It is part of the company's journey to provide the most secure browser experience available with Edge, and the bug bounty looks like Microsoft’s latest push to get more people to use its Edge browser.

The Windows Insider program was developed to help mold the future of Windows by testing out new features and capabilities, a process that can turn up security bugs and other issues. Microsoft Bounty Programs are now starting earlier, in Windows Insider Preview builds, where operating system instabilities are most frequent.

Microsoft is enlisting the help of others to find any security loopholes or bugs by offering $1,500 in the event someone finds and reports a security vulnerability in Edge that has already been found internally.

Additionally, there are other highlights to the Microsoft Edge Remote Code Execution Bounty, including:

  • Remote Code Execution vulnerabilities in Microsoft Edge on Windows Insider Preview
  • Open source sections of Chakra are also included
  • The bounty will run August 4, 2016 through May 15, 2017
  • Bounty payouts will range from $500 USD to $15,000 USD
  • If a researcher reports a qualifying vulnerability already found internally by Microsoft, a payment will be made to the first finder at a maximum of $1,500 USD
  • Vulnerabilities must be reproducible on the latest Windows Insider Preview (Slow track)

The Microsoft Edge Remote Code Execution Bounty will be a new addition to the Online Services bounty program and the Mitigation Bypass and Bounty for Defense bounty programs that are already in place at Microsoft. Microsoft uses the opportunities presented by bounty programs to work with the Security Development Lifecycle (SDL) and Operational Security Assurance (OSA) framework.

For more information on the latest bounty programs, visit Microsoft’s Security TechCenter.