Microsoft Edge bug bounty program gets extended indefinitely

After seeing quite a bit of success with its Edge bug bounty program, Microsoft has decided to extend it indefinitely. As posted on the Microsoft TechNet site, the program will now continue as a "sustained bounty program" (via OnMSFT).

The goal of the program is to enlist researchers in helping to make Edge more secure by tracking down and reporting vulnerabilities. Rewards can be fairly lucrative, with payouts ranging from $500 up to $15,000. Here's a look at some of the details of the program:

  • Any critical remote code execution or important design issue that compromises a customer's privacy and security will receive a bounty
  • The bounty program is sustained and will continue indefinitely at Microsoft's discretion
  • Bounty payouts will range from $500 USD to $15,000 USD
  • If a researcher reports a qualifying vulnerability already found internally by Microsoft, a payment will be made to the first finder at a maximum of $1,500 USD
  • Vulnerabilities must be reproducible on the latest Windows Insider Preview (slow track)
  • All security bugs are important to us and we request you report all Microsoft Edge browser security bugs to secure@microsoft.com via Coordinated Vulnerability Disclosure (CVD) policy

Since the program's inception, Microsoft says it has paid out a full $200,000 in bounties. Further, the company claims, browser security has improved significantly. For more, you can check out the more granular details about the program on the TechNet site.

Dan Thorp-Lancaster
