Just days after releasing the first public beta of the Chromium-powered Edge browser, Microsoft has announced the launch of the Microsoft Edge Insider Bounty Program with rewards of up to $30,000 for cyber-security researchers who can find vulnerabilities in the Dev and Beta channels of the software.
In an official post, the company said: “The goal of the Microsoft Edge (Chromium-based) Insider Bounty Program is to uncover vulnerabilities that are unique to the next Microsoft Edge which have a direct and demonstrable impact on the security of our customers”.
As is the case with all such programs, the vulnerabilities have to be previously unreported and, must be reproducible on the latest version of Edge at the time of submission. Since the program will complement Google’s Chrome Vulnerability rewards program, any report that reproduces on Edge but not Chrome, will also be eligible based on severity, impact and report quality.
It’s worth noting here that the new bounty program will run alongside the existing Edge bounty program that awards up to $15,000 for finding vulnerabilities in the soon-to-be-deprecated version of Microsoft Edge that’s based on the company’s EdgeHTML engine. In both cases, only the vulnerabilities that reproduce in the latest, fully patched versions of Windows (Win 10/Win 7 SP1/Win8.1) or MacOS will be eligible for rewards.
After testing preview builds (Canary and Developer channels) for the Chromium-based Edge browser over the past few months, the company this week launched the first open beta of the new software. It’ll be updated every six weeks, which means it will be more stable compared to the daily or weekly channels. It’s available for Windows and macOS, so you can check it out right away.