Doors on the Edge Insider Bounty Program flung open
Having finally pushed out the first Beta preview of its Chromium-based browser, Microsoft has launched a bounty programme aimed at getting researchers to kick the tyres on its latest and greatest.
Up to $30k is available to researchers who find what Microsoft deems “critical and important” vulnerabilities in the Beta and Dev channels of Chromium Edge. The Canary channel is excluded because, well, it seems hardly fair to poke holes in daily builds that are, by definition, not fit for public consumption.
Interestingly, up to $15k is available to anyone who discovers critical remote code execution and “design issues” in the original EdgeHTML version still lurking in the Slow Ring of the Windows 10 Insider Preview.
Just think, if a few dozen researchers are lured by that $15k, it could double the not-just-downloading-Chrome usage of old Edge overnight.
Snark aside, Microsoft really wants researchers to start thumping Chromium Edge, and has stated that a 2X multiplier is available via the Researcher Recognition Program and the company will pay out as soon the reproduction and assessment has been completed of each submission.
Of course, with Edge being Chromium-based, Chrome’s own reward programme is a consideration, so Microsoft is keen on reports that reproduce on Edge rather than Chrome. Severity, impact and “report quality” are also factors, so “Yo browser sucks, Micro$oft” is unlikely to go down well.
Microsoft is also looking for reports from macOS Edge users in addition to those running the browser on fully patched versions of Windows 7 SP1 and 8.1.
It isn’t clear what that means after January 2020, when poor old Windows 7 is due a visit from an engineer in a high-viz jacket, carrying an axe. ®