Skip to main content
  1. Home
  2. Computing
  3. News

Microsoft’s extended Edge bug bounty program offers rewards up to $15K

By

Man holding money
Image used with permission by copyright holder
Microsoft said Wednesday that it’s extending the Microsoft Edge bounty program indefinitely. The program rewards individuals who submit vulnerabilities discovered in a “preview” version of the Microsoft Edge browser served up to Windows Insiders (slow ring). Thanks to this bounty program — and the helpful “bug hunters” — the final builds of Microsoft Edge released to the general public are even more secure.

“Over the past 10 months, we have paid out over $200,000 USD in bounties,” the company said. “This collaboration with the research community has resulted in significant improvements in Edge security, and has allowed us to offer more proactive security for our customers.”

Recommended Videos

Microsoft first began dishing out bug bounties in 2013. The first paid up to $100,000 for “novel exploitation techniques” against the Windows operating system. Another paid up to an additional $50,000 for submitting “BlueHat” ideas for defending Windows against the techniques used in the first bounty. The third program paid up to $11,000 for the discovery of critical vulnerabilities in the Internet Explorer 11 Preview.

Last August, Microsoft established its Edge bounty program to help discover Remote Code Execution vulnerabilities in preview builds of Microsoft Edge that were served up to the Windows Insider program. Dishing out up to $15,000 in cash, the program was originally slated to end on June 30, 2017. But now that it’s an ongoing program, it will join the Bounty for Defense, the Mitigation Bypass Bounty, Online Services Bug Bounty, and two other ongoing bounties in Microsoft’s lineup. Microsoft’s bounty for Office vulnerabilities ended on June 15.

According to Microsoft, the Edge browser bounty was so productive that the deadline was lifted indefinitely at the company’s discretion.

“Microsoft is committed to delivering secure products to our customers, and this bounty program helped us achieve that goal,” Microsoft said. ”We received many high-quality reports in Edge during this 10-month program. which helped keep our customers secure.”

All bounties related to Microsoft Edge will range in from $500 to $15,000. If an individual submits a qualifying vulnerability already discovered internally by Microsoft (and not yet reported), then the company will hand over a maximum cash wad of $1,500 to the first qualifying submission. All vulnerabilities must be reproducible on the latest Windows 10 preview build provided on the Windows Insider Slow Ring. Vulnerabilities relating to older builds will be deemed ineligible.

Microsoft indicates that it’s capable of paying out more than $15,000 for the Edge bounty program. The larger sum will be at Microsoft’s “sole discretion” and based on “entry quality and complexity.” Otherwise, submissions with a “high” report quality will see up to $15,000 in payment, while low-quality submissions will see up to $1,500 in payment.

Editors’ Recommendations

Topics
Kevin Parrish
Kevin Parrish
Former Digital Trends Contributor
Kevin started taking PCs apart in the 90s when Quake was on the way and his PC lacked the required components. Since then…
The creators of the Arc browser are reimagining web browsers yet again
A screenshot of Dia being used on a Mac.

The people behind the Arc browser are recruiting for a new big project -- a second browser product powered by AI. It was hinted at recently, but now it's official. It's called Dia, and it's built around The Browser Company's belief that AI features can't be contained in a single app or behind a single button -- instead, software needs to built from the ground up with AI in mind.

The video the company posted is part product announcement and part recruitment video, and it teases a few features the new browser will have. It seems it will get all the now-usual AI features like an autocomplete-type feature that fetches facts from the web, as well as summary generation and idea generation.

Read more
These Cyber Monday stocking stuffers are now on sale
Two boys playing with a Simon Says Micro.

Christmas is upon us, and although there's a lot of heartfelt sentiment around the biggest holiday of the year, it also means something more material: gifting (!). If you're using Cyber Monday deals to start getting gifts, that's great — but most buys are usually too large to fit in a stocking (just try to fit one of these Cyber Monday Alienware deals in a sock!), and the prices can be way off.

How much should you spend on stocking stuffers? What is "allowed"? We rounded up a list of the best gifts to buy on Cyber Monday for your stocking-stuffing needs — all of which are tiny treasures that will undoubtedly be well-received and, in some cases, will generate a fun laugh.
Best Cyber Monday Sales

Read more
The Acer Aspire Go 15 Slim is sold out, so get this Acer Aspire Cyber Monday deal instead
Acer Aspire 3 Slim Laptop Cyber Monday deal

Not every laptop or desktop computer has to be built to tackle a super-heavy workflow or resource-heavy software suites. In fact, if you’re the kind of user who just needs a basic PC for web browsing, video chats, watching movies, and light gaming, we think the following offer may be of interest: For Black Friday and Cyber Monday, the Acer Aspire Go 15 was discounted by $100.

Unfortunately, that deal is sold out, but we found an Acer Aspire 3 Slim for $280 -- saving you over $40. It features a 15.6-inch full HD display, AMD Ryzen 3 7320U processor, 8GB of LPDDR5 RAM, and a 128GB NVMe solid-state drive. Honestly, it might be more impressive than the Aspire Go from the previous deal.

Read more