Microsoft extends Edge Bounty Program to June 30

Home » Microsoft

Reading time icon 1 min. read

Calendar icon Published on

by Pradeep Viswav 

published on

Share this article

Readers help support MSpoweruser. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help MSPoweruser sustain the editorial team Read more

Microsoft Edge

Over the past 10 months, Microsoft has paid out more than $200,000 USD in bounties to researchers reporting vulnerabilities through the Microsoft Edge Bounty Program. When Microsoft announced this Edge Bounty Program last year, they said that this program will run August 4, 2016 through May 15, 2017. Today, Microsoft announced that they are extending the end date of this program to June 30, 2017. If you are a security researcher, you can earn payments for eligible submissions based upon the following:

Vulnerability type Functioning
Exploit		 Proof of
concept		 Report Quality Payout range (USD) *
Remote Code
Execution in
Microsoft Edge on
recent builds of WIP
slow		 Required Required High Up to $15,000
No Required High Up to $6,000
No Required Low Up to $1,500
Violations of W3C
standards that
compromise privacy or
integrity of important user data.		 No Required High Up to $6,000
Required
This includes:

  • Violation of SoP,
    i.e. UXSS
  • Referrer spoofs
 No Low Up to $1,500
This does not include:

  • XSS, CSRF: report
    these to the web
    site owner
  • XSS filter bypass

You can find more details here.

More about the topics: Bounty Program, Expansion, microsoft, Microsoft Edge, Remote Code Execution

Pradeep Viswav

Pradeep Viswav Shield

Software and Services Expert

Pradeep is a Computer Science and Engineering Graduate. He was also a Microsoft Student Partner. He is currently working in a leading IT company.