Skip to main content

Microsoft Edge bug bounty program gets extended indefinitely

After seeing quite a bit of success with its Edge bug bounty program, Microsoft has decided to extend it indefinitely. As posted on the Microsoft TechNet site (opens in new tab), the bug bounty program will be extended indefinitely as part of a "sustained bounty program" (via OnMSFT).

The goal of the program is to enlist researchers in helping to make Edge more secure by tracking down and reporting vulnerabilities. Rewards can be fairly lucrative, with payouts ranging from $500 up to $15,000. Here's a look at some of the details of the program:

  • Any critical remote code execution or important design issue that compromises a customer's privacy and security will receive a bounty
  • The bounty program is sustained and will continue indefinitely on Microsoft's discretion Bounty payouts will range from $500 USD to $15,000 USD
  • If a researcher reports a qualifying vulnerability already found internally by Microsoft, a payment will be made to the first finder at a maximum of $1,500 USD
  • Vulnerabilities must be reproducible on the latest Windows Insider Preview (slow track)
  • All security bugs are important to us and we request you report all Microsoft Edge browser security bugs to secure@microsoft.com via Coordinated Vulnerability Disclosure (CVD) policy

Since the program's inception, Microsoft says it has paid out a full $200,000 in bounties. Further, the company claims, browser security has improved significantly. For more, you can check out all of the more granular details about the program on the TechNet site (opens in new tab).

Dan Thorp-Lancaster is the Editor in Chief for Windows Central. He began working with Windows Central as a news writer in 2014 and is obsessed with tech of all sorts. You can follow Dan on Twitter @DthorpL and Instagram @heyitsdtl. Got a hot tip? Send it to daniel.thorp-lancaster@futurenet.com.

3 Comments
  • Why already find?
  • Those are pretty low bounties for something as important as a browser.
  • Yeah I would hate 1500 or up to 15000. Would totally suck