Microsoft appears to have had quite a bit of success with its bug bounty program. And it has probably worked well for Microsoft’s Edge browser, giving it a fair bit of dev attention through the bounty. Well, as a result, the Redmond giant has now decided to extend its Edge bug bounty program indefinitely, as a sustained program.
Bug bounty programs have increasingly become the weapon of choice for companies like Microsoft when it comes to discovering loopholes and gateways into their own software. Not only do these programs induce the masses to report errors rather than exploit them, they also induce top-notch researchers from the field to come and look into the matter.
The benefits accrued by the company in the process are, of course, vast. And it appears as if they are well worth the $500-$15,000 payouts the company sends out to multiple users every year. As per Microsoft:
- Any critical remote code execution or important design issue that compromises a customer’s privacy and security will receive a bounty
- The bounty program is sustained and will continue indefinitely at Microsoft’s discretion
- Bounty payouts will range from $500 USD to $15,000 USD
- If a researcher reports a qualifying vulnerability already found internally by Microsoft, a payment will be made to the first finder at a maximum of $1,500 USD
- Vulnerabilities must be reproducible on the latest Windows Insider Preview (slow track)
- All security bugs are important to us and we request you report all Microsoft Edge browser security bugs to secure@microsoft.com via Coordinated Vulnerability Disclosure (CVD) policy
The company has already spent over $200,000 on rewards for these bounty hunters, and it believes that Edge is now much better, and safer. Its bug bounty program has been emulated by companies the world over, and there are many people who spend their days looking for new bugs and hacks to convert into money, thus staying out of mischief as well.