The program no longer has an end date, Microsoft announces

Jun 23, 2017 09:30 GMT

Microsoft has decided to extend the Edge browser bug bounty program indefinitely, as it’s pleased with how the application was improved thanks to security researchers across the world who discovered vulnerabilities and reported them to the company.

Microsoft says it has paid no less than $200,000 in bounties so far, and because a substantial number of security flaws were discovered by researchers participating in the bug bounty effort, it is converting it into a sustained program.

“Microsoft is committed to delivering secure products to our customers and this bounty program helped us achieve that goal. We received many high-quality reports in Edge during this 10-month program which helped keep our customers secure,” the company said in a statement.

“Keeping in line with our philosophy of protecting customers and proactively partnering with researchers, today we are changing the Edge on Windows Insider Preview (WIP) bounty program from a time bound to a sustained bounty program.”

Launched only 10 months ago

The Microsoft Edge bug bounty program was launched in August 2016 and originally included financial rewards for researchers who discovered remote code execution vulnerabilities, same-origin bypass vulnerabilities, and referrer spoofing vulnerabilities. The program was later updated to cover other security flaws as well, including design issues that could leave users vulnerable to attacks.

Just as before, researchers who qualify for a bounty can receive between $500 and $15,000 depending on the vulnerability they discover and the quality of the report (for example, the biggest reward requires a proof of concept as well). Microsoft explains that reported vulnerabilities must exist in the latest build of the Windows Insider Preview (early builds of the next Windows 10 update) with all patches installed.

You can read more about Microsoft’s bug bounty programs, including the official rules, on the company’s website. The Microsoft Edge bounty is the first program that doesn’t have an end date, and researchers can submit the flaws they discover at any time.