Microsoft Bounty Programs Expansion – Microsoft Edge Remote Code Execution (RCE) Bounty

Microsoft Bounty Programs Expansion – Microsoft Edge Remote Code Execution (RCE) Bounty

I’m very happy to announce another addition to the Microsoft Bounty Programs. Microsoft will be hosting a bounty for Remote Code Execution vulnerabilities in Microsoft Edge on Windows Insider Preview builds.

This bounty continues our partnership with the security research community in working to secure our platforms, in pre-release stages of the development process. The Windows Insider program is built to help shape the future of Windows, and represents the latest in features, including new security features and mitigations. For the latest information on new Windows features included in the Insider Previews, please visit the Windows 10 Insider Program Blog.

As the bounty programs are pushing forward into earlier releases of software, there may be more instances of a vulnerability being reported which Microsoft is already working to resolve. In the event this occurs, as recognition for the real effort put into finding these vulnerabilities, a payment of up to $1,500 USD will be made to the first external researcher who reports the issue.

To find out more about the Microsoft Edge Remote Code Execution Bounty, please visit https://aka.ms.BugBounty. The program highlights are:

  • Remote Code Execution vulnerabilities in Microsoft Edge on Windows Insider Preview
  • Also, Includes Open Source sections of Chakra
  • The bounty will run August 4, 2016 through May 15, 2017
  • Bounty payouts will range from $500 USD to $15,000 USD
  • If a researcher reports a qualifying vulnerability already found internally by Microsoft , a payment will be made to the first finder at a maximum of $1,500 USD
  • Vulnerabilities must be reproducible on the latest Windows Insider Preview (Slow track)

This new bounty will be in addition to our ongoing Online Services, and Mitigation bypass and Bounty for Defense bounty programs. These additions are a part of the rigorous security programs at Microsoft. Bounties are worked alongside the Security Development Lifecycle (SDL), Operational Security Assurance (OSA) framework, regular penetration testing of our products and services, and Security and Compliance Accreditations by third party audits.

As always, the most up-to-date information about the Microsoft Bounty Programs can be found at https://aka.ms/BugBounty and in the associated terms and FAQs.

Start your fuzzers!

Jason Shirk

Source: Microsoft Bounty Programs Expansion – Microsoft Edge Remote Code Execution (RCE) Bounty

About KENNETH 19688 Articles
지락문화예술공작단

Be the first to comment

Leave a Reply

Your email address will not be published.


*


이 사이트는 스팸을 줄이는 아키스밋을 사용합니다. 댓글이 어떻게 처리되는지 알아보십시오.