This article is more than 1 year old

Microsoft extends bug bounty to cover Edge remote code exec

$1,500 up for grabs for those bold enough to bash browser

Microsoft has opened a remote code execution bug bounty for preview versions of its Microsoft Edge browser.

The Internet Explorer killer and hopeful challenger to Firefox and Safari -- Chrome dominates the browser space -- was released in March last year.

Microsoft will pay between $500 and $1,500 for remote code execution holes in Edge preview.

It will also, so says Redmond security ecosystem and strategic lead Jason Shirk, still pay for bugs Microsoft is internally aware of shelling out $1,500 for the first outsider reports of remote code execution holes in the pre-stable early release versions of Edge.

"Microsoft will be hosting a bounty for remote code execution vulnerabilities in Microsoft Edge on Windows Insider Preview builds," Shirk says.

"This bounty continues our partnership with the security research community in working to secure our platforms, in pre-release stages of the development process."

The bounty will run from today until 15 May next year and award for bugs that are reproducible on the latest Windows Insider Preview (Slow track) builds.

Feature: The bug bounty boom.

It is the latest Microsoft bounty and joins a list that includes Online Services, Mitigation bypass, and Bounty for Defense bounty programs

"Bounties are worked alongside the security development lifecycle, operational security assurance framework, regular penetration testing of our products and services, and security and compliance accreditations by third party audits," Shirk says. "Start your fuzzers." ®

More about

TIP US OFF

Send us news


Other stories you might like