$1,500 up for grabs for those bold enough to bash browser
Microsoft has opened a remote code execution bug bounty for preview versions of its Microsoft Edge browser.
The Internet Explorer killer and hopeful challenger to Firefox and Safari — Chrome dominates the browser space — was released in March last year.
Microsoft will pay between US$500 and US$15,00 for remote code execution holes in Edge preview.
It will also, so says Redmond security ecosystem and strategic lead Jason Shirk, still pay for bugs Microsoft is internally aware of shelling out US$1500 for the first outsider reports of remote code execution holes in the pre-stable early release versions of Edge.
“Microsoft will be hosting a bounty for remote code execution vulnerabilities in Microsoft Edge on Windows Insider Preview builds,” Shirk says.
“This bounty continues our partnership with the security research community in working to secure our platforms, in pre-release stages of the development process.”
The bounty will run from today until 15 May next year and award for bugs that are reproducible on the latest Windows Insider Preview (Slow track) builds.
It is the latest Microsoft bounty and joins a list that includes Online Services, Mitigation bypass, and Bounty for Defense bounty programs
“Bounties are worked alongside the security development lifecycle, operational security assurance framework, regular penetration testing of our products and services, and security and compliance accreditations by third party audits,” Shirk says. “Start your fuzzers.” ®
Sponsored: Global DDoS threat landscape report