Microsoft: Reckon our code is crap? Prove it and $30k could be yours


Doors on the Edge Insider Bounty Program flung open

Having finally pushed out the first Beta preview of its Chromium-based browser, Microsoft has launched a bounty programme aimed at getting researchers to kick the tyres on its latest and greatest.

Up to $30k is available to researchers who find what Microsoft deems “critical and important” vulnerabilities in the Beta and Dev channels of Chromium Edge. The Canary channel is excluded because, well, it seems hardly fair to poke holes in daily builds that are, by definition, not fit for public consumption.

Interestingly, up to $15k is available to anyone who discovers critical remote code execution and “design issues” in the original EdgeHTML version still lurking in the Slow Ring of the Windows 10 Insider Preview.

Just think, if a few dozen researchers are lured by that $15k, it could double the not-just-downloading-Chrome usage of old Edge overnight.

Snark aside, Microsoft really wants researchers to start thumping Chromium Edge, and has stated that a 2X multiplier is available via the Researcher Recognition Program and that the company will pay out as soon as the reproduction and assessment of each submission has been completed.

Of course, with Edge being Chromium-based, Chrome’s own reward programme is a consideration, so Microsoft is keen on reports that reproduce on Edge rather than Chrome. Severity, impact and “report quality” are also factors, so “Yo browser sucks, Micro$oft” is unlikely to go down well.

Microsoft is also looking for reports from macOS Edge users in addition to those running the browser on fully patched versions of Windows 7 SP1 and 8.1.

It isn’t clear what that means after January 2020, when poor old Windows 7 is due a visit from an engineer in a high-viz jacket, carrying an axe. ®
