Microsoft extends the Edge Bug Bounty program indefinitely

It’s been nearly a year since Microsoft opened up Edge to the bounty program. Since then, it has shelled out nearly $200,000 in payments for issues reported. As a result of its major success, Microsoft has decided to continue the program indefinitely, past its original time frame.

The Edge Bounty Program helps Microsoft nail down ongoing security threats, among other things. Since the tech giant treats these concerns as an ongoing priority, it’s no surprise that its payments to the research community pay off overall for Microsoft Edge. Here are more details about the program:

  • Any critical remote code execution or important design issue that compromises a customer’s privacy and security will receive a bounty
  • The bounty program is sustained and will continue indefinitely at Microsoft’s discretion
  • Bounty payouts will range from $500 USD to $15,000 USD
  • If a researcher reports a qualifying vulnerability already found internally by Microsoft, a payment will be made to the first finder at a maximum of $1,500 USD
  • Vulnerabilities must be reproducible on the latest Windows Insider Preview (slow track)
  • All security bugs are important to us and we request you report all Microsoft Edge browser security bugs to [email protected] via Coordinated Vulnerability Disclosure (CVD) policy
  • For the latest information on new Windows features included in the Insider Previews, please visit the Windows 10 Insider Program Blog.

This is just one of many bounty programs that Microsoft currently has running. If you’re so inclined, check out the others that you can still take part in over at Technet.
