Site icon 지락문화예술공작단

Extending the Microsoft Edge Bounty Program

Extending the Microsoft Edge Bounty Program

Over the past ten months we have paid out over $200,000 USD in bounties. This collaboration with the research community has resulted in significant improvements in Edge security and has allowed us to offer more proactive security for our customers. Keeping in line with our philosophy of protecting customers and proactively partnering with researchers, today we are changing the Edge on Windows Insider Preview (WIP) bounty program from a time bound to a sustained bounty program.

Since 2013, we have launched three browser bounties to uncover specific vulnerabilities. As security is a continuous effort and not a destination, we prioritize identifying different types of vulnerabilities in different points of time. On August 4, 2016, we launched the Edge Web Platform bounty on WIP to incentivize researchers to send us remote code execution (RCE), same origin policy bypass vulnerabilities (example: UXSS), and referrer spoofing vulnerabilities in our latest browser. Microsoft is committed to delivering secure products to our customers and this bounty program helped us achieve that goal. We received many high-quality reports in Edge during this 10-month program which helped keep our customers secure.

The overall program highlights:

As always, the most up-to-date information about the Microsoft Bounty Programs can be found at https://aka.ms/BugBounty and in the associated terms and FAQs.

Akila Srinivasan
Microsoft Security Response Center

Source: Extending the Microsoft Edge Bounty Program

Exit mobile version