Microsoft yesterday announced that they are expanding their Bounty Program for Microsoft Edge Remote Code Execution vulnerabilities on Windows Insider Preview builds. This will help Microsoft in securing their platform even before the release.
As the bounty programs are pushing forward into earlier releases of software, there may be more instances of a vulnerability being reported which Microsoft is already working to resolve. In the event this occurs, as recognition for the real effort put into finding these vulnerabilities, a payment of up to $1,500 USD will be made to the first external researcher who reports the issue.
The program highlights are:
- Remote Code Execution vulnerabilities in Microsoft Edge on Windows Insider Preview
- Also, Includes Open Source sections of Chakra
- The bounty will run August 4, 2016 through May 15, 2017
- Bounty payouts will range from $500 USD to $15,000 USD
- If a researcher reports a qualifying vulnerability already found internally by Microsoft , a payment will be made to the first finder at a maximum of $1,500 USD
- Vulnerabilities must be reproducible on the latest Windows Insider Preview (Slow track)
You can find more details here.