Windows 10 Edge: Now Microsoft puts $15k bounty on remote attack browser bugs – ZDNet
Microsoft has launched a special bug bounty designed to uncover remotely-exploitable bugs in its Edge browser on Windows Insider Preview builds.
The limited-term bounty adds to Microsoft’s ongoing vulnerability rewards programs for security researchers who privately report serious flaws in its generally available software.
Under this temporary bounty, Microsoft will offer payments of between $500 and $15,000 for remote code-execution vulnerabilities in Edge on Windows Insider Preview, which aims to capture bugs in the pre-release stages of development.
The Insider program offers Windows fans an early look at pre-release versions of the operating system, as well as Edge.
And, since the Edge preview bounty pushes deeper into Microsoft’s pre-release phase, Microsoft says it will pay up to $1,500 for bugs that it’s already aware of.
“As the bounty programs are pushing forward into earlier releases of software, there may be more instances of a vulnerability being reported which Microsoft is already working to resolve. In the event this occurs, as recognition for the real effort put into finding these vulnerabilities, a payment of up to $1,500 will be made to the first external researcher who reports the issue,” Microsoft said.
Microsoft last year offered the same amount for the Edge technical preview, but the program only ran for three months.
This new Edge bounty will for run for 10 months, between August 4, 2016 and May 15, 2017.
Microsoft from time to time opens limited-term bug bounty programs for beta products. It similarly in June opened a four-month bounty, offering up to $15,000 for bugs in .NET Core and ASP.NET Core RC2 beta builds.
The Edge bounty comes as Microsoft rolls out the Windows 10 Anniversary update, which brings EdgeHTML 14, its third update to the Edge web platform.
The Anniversary Update version of Edge contains additional protections against kernel attacks and imposes further restrictions on Adobe Flash in the browser.
According to Microsoft, Flash now runs in isolated containers to thwart attacks on it that undermine Edge. The updated Edge also introduces click to play for Flash content.
More on Edge and Windows 10
- Microsoft won’t fix Windows flaw that lets hackers steal your username and password
- Opera, not Microsoft Edge, is the best for battery life, says Opera
- Microsoft kicks off campaign touting battery savings of Windows 10’s Edge browser
- Windows 10 usage continues to rise, but users say no to the Edge browser
- Windows Insiders can now install Adblock Plus in Microsoft Edge
- Microsoft’s new Windows 10 preview: Real-time notifications, extensions for Edge, Skype dark theme