Update to the Microsoft Edge Web Platform on Windows Insider Preview Bug Bounty Program terms


Guest MSRC Team
Posted

On August 4, 2016, we launched a bounty program that targets Remote Code Execution (RCE) vulnerabilities in Microsoft Edge on the Windows Insider Preview Slow (WIP slow). Today, we are making additions to this bounty program. Since security is a continuous effort and not a destination, we prioritize acquiring different types of vulnerabilities at different points in time. Currently, we are focusing on vulnerabilities that lead to violations of W3C standards that compromise the privacy and integrity of important user data, and on RCEs. This program now includes:

  • Same Origin Policy bypass vulnerabilities (example: UXSS)
  • Referer Spoofing vulnerabilities
  • Remote Code Execution vulnerabilities in Microsoft Edge on Windows Insider Preview
  • Vulnerabilities in open source sections of Chakra
  • The bounty will run August 4, 2016 through May 15, 2017 and vulnerabilities on UXSS and referer spoofing submitted to secure@microsoft.com after August 4, 2016 will be retroactively rewarded
  • Bounty payouts will range from $500 USD to $15,000 USD
  • If a researcher reports a qualifying vulnerability already found internally by Microsoft, a payment will be made to the first finder at a maximum of $1,500 USD
  • Vulnerabilities must be reproducible on the latest Windows Insider Preview (Slow track)
  • All security bugs are important to us and we request you report all Microsoft Edge browser security bugs to secure@microsoft.com

 

For the latest information on new Windows features included in the Insider Previews, please visit the Windows 10 Insider Program Blog.

 

As always, the most up-to-date information about the Microsoft Bounty Programs can be found at https://aka.ms/BugBounty and in the associated terms and FAQs.

 

Akila Srinivasan and Crispin Cowan

 
