Skip to main content

Microsoft’s extended Edge bug bounty program offers rewards up to $15K

Man holding money
Microsoft said Wednesday that it’s extending the Microsoft Edge bounty program indefinitely. The program rewards individuals who submit vulnerabilities discovered in a “preview” version of the Microsoft Edge browser served up to Windows Insiders (slow ring). Thanks to this bounty program — and the helpful “bug hunters” — the final builds of Microsoft Edge released to the general public are even more secure.

“Over the past 10 months, we have paid out over $200,000 USD in bounties,” the company said. “This collaboration with the research community has resulted in significant improvements in Edge security, and has allowed us to offer more proactive security for our customers.”

Microsoft first began dishing out bug bounties in 2013. The first paid up to $100,000 for “novel exploitation techniques” against the Windows operating system. Another paid up to an additional $50,000 for submitting “BlueHat” ideas for defending Windows against the techniques used in the first bounty. The third program paid up to $11,000 for the discovery of critical vulnerabilities in the Internet Explorer 11 Preview.

Last August, Microsoft established its Edge bounty program to help discover Remote Code Execution vulnerabilities in preview builds of Microsoft Edge that were served up to the Windows Insider program. Dishing out up to $15,000 in cash, the program was originally slated to end on June 30, 2017. But now that it’s an ongoing program, it will join the Bounty for Defense, the Mitigation Bypass Bounty, Online Services Bug Bounty, and two other ongoing bounties in Microsoft’s lineup. Microsoft’s bounty for Office vulnerabilities ended on June 15.

According to Microsoft, the Edge browser bounty was so productive that the deadline was lifted indefinitely at the company’s discretion.

“Microsoft is committed to delivering secure products to our customers, and this bounty program helped us achieve that goal,” Microsoft said. ”We received many high-quality reports in Edge during this 10-month program. which helped keep our customers secure.”

All bounties related to Microsoft Edge will range in from $500 to $15,000. If an individual submits a qualifying vulnerability already discovered internally by Microsoft (and not yet reported), then the company will hand over a maximum cash wad of $1,500 to the first qualifying submission. All vulnerabilities must be reproducible on the latest Windows 10 preview build provided on the Windows Insider Slow Ring. Vulnerabilities relating to older builds will be deemed ineligible.

Microsoft indicates that it’s capable of paying out more than $15,000 for the Edge bounty program. The larger sum will be at Microsoft’s “sole discretion” and based on “entry quality and complexity.” Otherwise, submissions with a “high” report quality will see up to $15,000 in payment, while low-quality submissions will see up to $1,500 in payment.

Editors' Recommendations

Kevin Parrish
Former Digital Trends Contributor
Kevin started taking PCs apart in the 90s when Quake was on the way and his PC lacked the required components. Since then…
Microsoft doubles bug bounty reward, white hats can now earn $100,000
microsoft doubles bug bounty reward white hats can now earn 100000  chromawise

A couple of days on from the official release of Windows 10, Microsoft has raised the rewards for some of its bug bounty programs, which it hopes will help keep its systems more secure.

Most notably Microsoft has doubled the maximum fees for the Bounty for Defense from $50,000 to $100,000. It has also extended its Online Services Bug Bounty to include authentication vulnerabilities, where discoveries are now eligible for a double payment.

Read more
Think you can hack Microsoft’s Spartan browser? You could earn up to $15,000 for your effort
microsoft ramps up bug bounty in anticipation of project spartans launch ces 2009

In order to keep pace with the hacker community and head them off before they even have a chance to get their grips on Windows 10, today Microsoft announced it will be expanding its bug bounty program to include exploits for its new web browser, Project Spartan.

Spartan is set to replace Internet Explorer, and Microsoft knows that its reputation will be predicated on how secure it is right from the start. At anywhere from $500 to $15,000-a-pop per bug discovered, Microsoft looks to be both exceedingly confident in its web browsing product, while also remaining cautious of any hackers that might be able to ask a higher price for cracks they find on the black market.

Read more
Hurry and buy this Dell 27-inch 4K monitor while it’s just $300
The 27-inch Dell S2721QS 4K monitor on a table.

To maximize the power of your desktop computer, you should invest in a 4K monitor like the Dell S2721QS. This 27-inch monitor is currently on sale with a $30 discount from Dell, which pulls its price down to $300 from $330. However, every purchase also comes with a Dell eGift Card worth $100 that you can use on the brand's other products and services. We're not sure how long this offer will last though, so if you're interested, it's highly recommended that you buy the 4K monitor right now.

Why you should buy the Dell S2721QS 4K monitor
The Dell S2721QS is a simple but elegant 4K monitor that will be an upgrade for most computer setups. The 27-inch display offers 4K Ultra HD resolution that promises incredible clarity and sharp details, whether you're browsing the internet, working on a project, playing video games, or watching streaming content. You'll get an immersive viewing experience because of the ultrathin bezels on three sides, and your eyes will be protected from harmful blue light emissions by Dell's ComfortView Plus technology. The 4K monitor also supports AMD's FreeSync, so there will be no stuttering or screen tearing during your gaming sessions.

Read more