Skip to main content

Microsoft will pay you cash for hunting down specific vulnerabilities for Microsoft Edge in the Windows Insider program

Man holding money
Image used with permission by copyright holder
Microsoft’s Jason Shirk from the MSRC Team reports that the company has added another bounty program to its roster for bug hunters. This one targets possible remote code execution vulnerabilities within the version of Microsoft Edge that’s served up to participants in the Windows Insider program. For consumers, that means a good chunk of vulnerabilities will have already been tracked down and patched before a new version of the browser is released to the masses.

“This bounty continues our partnership with the security research community in working to secure our platforms, in pre-release stages of the development process,” Shirk writes. “The Windows Insider program is built to help shape the future of Windows, and represents the latest in features, including new security features and mitigations.”

Recommended Videos

The new Microsoft Edge bounty began on August 4, 2016, and will conclude on May 15, 2017. Bug hunters will be paid handsomely for their research, earning between $500 and $15,000. However, if they come across a qualifying vulnerability that was found internally by Microsoft, then the company will offer up to $1,500 for the first “external” individual who submits a report.

Please enable Javascript to view this content

Additionally, all vulnerabilities uncovered by researchers must be reproducible on the latest version of Windows 10 in the Windows Insider program “slow ring.” For the uninitiated, the Windows Insider program is broken down into “fast,” “slow,” and “Release Preview” rings, with the first group getting builds as they’re completed, the second group receiving slightly more polished and stable builds at a slower rate, and the third group enjoying new features with little or no risk to their devices.

The new Microsoft Edge bounty joins a number of other programs Microsoft currently offers to researchers, including the Online Services Bug Bounty, the Nano Server Technical Preview Bug Bounty, the .NET Core and ASP.NET Core RC2 Bug Bounty, the Mitigation Bypass Bounty, and the Bounty for Defense program.

Previously, there was a Microsoft Edge Technical Preview Bug Bounty that began April 22, 2015, and ended on June 22, 2015. According to the listing, Microsoft paid between $1,500 and $15,000 for Remote Code Execution vulnerability discoveries, and for finding a Sandbox Escape vulnerability with Enhanced Protected Mode. Between $1,500 and $6,000 was paid for higher severity vulnerabilities in the browser or EdgeHTML, and a mere $500 was paid for ASLR Info Disclosure vulnerabilities in Edge or EdgeHTML.

“Our new bounty programs add expanded depth and flexibility to our existing community outreach programs,” states Microsoft. “Having these bounty programs provides a way to harness the collective intelligence and capabilities of security researchers to help further protect customers.”

Right now, the new Microsoft Edge bounty doesn’t appear on the Microsoft Bounty Programs website. Four of the bounties listed above are ongoing whereas the .NET Core and ASP.NET Core RC2 bug bounty ends on September 7, 2016. If you fall under the “hacker” and “researcher” umbrella and want to earn some cash, take a look at what Microsoft is offering. You’ll be helping us all out and banking some nice green bills in the process.

Kevin Parrish
Former Digital Trends Contributor
Kevin started taking PCs apart in the 90s when Quake was on the way and his PC lacked the required components. Since then…
A Windows 10 update brings Microsoft’s excellent new Edge browser to the masses
microsoft new edge now rolling out automatically image 1

The new Microsoft Edge browser, which is based on Google's open-source Chromium engine, is making its way to more Windows 10 PCs. Now being delivered via Windows Update, the browser is coming as an automatic install, replacing the older and little-used legacy version of Edge.

With the new browser previously only available as a manual download, there are three specific updates that will bring the browser automatically to Windows 10 PCs. These include KB4541301, KB4541302, and KB4559309. Depending on which version of Windows you're running, you'll see a different KB in Windows Update when you visit Update and Security and click Check for Updates if you're hoping to get the browser automatically.

Read more
Microsoft offers up to $20,000 to identify security vulnerabilities in Xbox Live
Xbox One S All-Digital Edition review

When it comes to securing complex products, companies are increasingly turning to bug bounty programs to invite members of the public to find security vulnerabilities. Google's bug bounty program handed out $6.5 million last year, and Apple recently expanded its program to cover macOS bugs as well as iOS bugs.

Now Microsoft is expanding its own bug bounty program from covering software like its Office suite and its Edge browser to also covering the Xbox Live network and services. The company will pay out rewards to anyone who can find and reproduce a security vulnerability in the Xbox Live system.

Read more
Dell has cut the price of this Dell XPS 13 by a massive $750
Dell XPS 13 9345 front view showing display and keyboard.

For great laptop deals, head to Dell and reap some considerable benefits. Right now, one highlight is a huge $750 discount on a Dell XPS 13. This particular model is ideal for multitasking on the move. It normally costs $2,299 but it’s down to $1,549 for a limited time as one of Dell’s clearance deals. Since it's a clearance deal, stock will run out soon -- you’ll need to be quick to avoid missing out. Want to learn more first? Let’s take a look at what it has to offer.

Why you should buy the Dell XPS 13
As one of the best laptop brands out there, you can’t go wrong with what Dell has to offer. We’ve been big fans of the Dell XPS 13 over the years, with our recent review of one model calling it a “great laptop” but with the “wrong chip.” Fortunately, this configuration has a far better chip than our review model. That means fast performance, “excellent build quality” and an “ultramodern appearance” paired with a "good keyboard and touchpad."

Read more