Update to the Microsoft Edge Web Platform on Windows Insider Preview Bug Bounty Program terms

Update to the Microsoft Edge Web Platform on Windows Insider Preview Bug Bounty Program terms

On August 4, 2016 we launched a bounty program that targets Remote Code Execution (RCE) vulnerabilities in Microsoft Edge on the Windows Insider Preview Slow (WIP slow). Today, we will be making additions to this bounty program. Since security is a continuous effort and not a destination, we prioritize acquiring different types of vulnerabilities in different points of time. Currently, we are focusing on vulnerabilities that lead to violation of W3C standards that compromise privacy and integrity of important user data, and RCEs. This program now includes:

  • Same Origin Policy bypass vulnerabilities (example: UXSS)
  • Referer Spoofing vulnerabilities
  • Remote Code Execution vulnerabilities in Microsoft Edge on Windows Insider Preview
  • Vulnerabilities in open source sections of Chakra
  • The bounty will run August 4, 2016 through May 15, 2017 and vulnerabilities on UXSS and referer spoofing submitted to [email protected] after August 4, 2016 will be retroactively rewarded
  • Bounty payouts will range from $500 USD to $15,000 USD
  • If a researcher reports a qualifying vulnerability already found internally by Microsoft, a payment will be made to the first finder at a maximum of $1,500 USD
  • Vulnerabilities must be reproducible on the latest Windows Insider Preview (Slow track)
  • All security bugs are important to us and we request you report all Microsoft Edge browser security bugs to [email protected]

For the latest information on new Windows features included in the Insider Previews, please visit the Windows 10 Insider Program Blog.

As always, the most up-to-date information about the Microsoft Bounty Programs can be found at https://aka.ms/BugBounty and in the associated terms and FAQs.

Akila Srinivasan and Crispin Cowan

Source: Update to the Microsoft Edge Web Platform on Windows Insider Preview Bug Bounty Program terms

About KENNETH 19694 Articles
지락문화예술공작단

Be the first to comment

Leave a Reply

Your email address will not be published.


*


이 사이트는 스팸을 줄이는 아키스밋을 사용합니다. 댓글이 어떻게 처리되는지 알아보십시오.