HomeWinBuzzer NewsMicrosoft Edge Is Now a Permanent Member of the Bug Bounty Program,...

Microsoft Edge Is Now a Permanent Member of the Bug Bounty Program, with Rewards of up to $15,000

The Microsoft Edge bug bounty program gives rewards for remote code executions and other security issues on a sliding scale depending on the severity. Microsoft has spent $200,000 on bounties so far, and will likely spend far more in the future.

-

has announced an extension of the Edge bug bounty program, and this time it's indefinite. The company first released the program in April of 2015, before the launch of , but shut it down shortly after. In August 2016, it brought it back, and in September it was expanded.

It's fair to say that some have seen this coming, and Microsoft has gained a lot of useful information so far. In a blog post on Wednesday, it revealed that it has paid out over $200,000 in bounties.

“This with the research community has resulted in significant improvements in Edge security and has allowed us to offer more proactive security for our customers,” said security program manager Akila Srinivasan.

Microsoft Edge Bug Bounty Program Rules

Despite the large financial investment, its worth noting that Microsoft doesn't just hand out money for any old bug. There are some caveats, and it only applies to certain security aspects. Here are the full details:

  • “Any critical remote code execution or important design issue that compromises a customer's privacy and security will receive a bounty
  • The bounty program is sustained and will continue indefinitely on Microsoft's discretion
  • Bounty payouts will range from $500 USD to $15,000 USD
  • If a researcher reports a qualifying vulnerability already found internally by Microsoft, a payment will be made to the first finder at a maximum of $1,500 USD
  • Vulnerabilities must be reproducible on the latest Windows Insider Preview (slow track)
  • All security bugs are important to us and we request you report all browser security bugs to [email protected] via Coordinated Vulnerability Disclosure (CVD) policy”

While the $15,000 payouts will likely be reserved for only the most crucial bugs, this is still a nice incentive. Crowdfunding security often reveals exploits that are more outside the box, and should result in a safer experience for all users.

SourceMicrosoft
Ryan Maskell
Ryan Maskellhttps://ryanmaskell.co.uk
Ryan has had a passion for gaming and technology since early childhood. Fusing the skills from his Creative Writing and Publishing degree with profound technical knowledge, he enjoys covering news about Microsoft. As an avid writer, he is also working on his debut novel.

Recent News