- Joined
- Jun 27, 2006
- Messages
- 23,048
- Thread Author
- #1
I’m very happy to announce another addition to the Link Removed. Microsoft will be hosting a bounty for Remote Code Execution vulnerabilities in Microsoft Edge on Windows Insider Preview builds.
This bounty continues our partnership with the security research community in working to secure our platforms, in pre-release stages of the development process. The Windows Insider program is built to help shape the future of Windows, and represents the latest in features, including new security features and mitigations. For the latest information on new Windows features included in the Insider Previews, please visit the Windows 10 Insider Program Blog.
As the bounty programs are pushing forward into earlier releases of software, there may be more instances of a vulnerability being reported which Microsoft is already working to resolve. In the event this occurs, as recognition for the real effort put into finding these vulnerabilities, a payment of up to $1,500 USD will be made to the first external researcher who reports the issue.
To find out more about the Microsoft Edge Remote Code Execution Bounty, please visit Link Removed. The program highlights are:
This new bounty will be in addition to our ongoing Link Removed, and Link Removed bounty programs. These additions are a part of the rigorous security programs at Microsoft. Bounties are worked alongside the Link Removed (SDL), Link Removed (OSA) framework, regular penetration testing of our products and services, and Link Removed by third party audits.
As always, the most up-to-date information about the Microsoft Bounty Programs can be found at Link Removed and in the associated terms and FAQs.
Start your fuzzers!
Jason Shirk
Continue reading...
This bounty continues our partnership with the security research community in working to secure our platforms, in pre-release stages of the development process. The Windows Insider program is built to help shape the future of Windows, and represents the latest in features, including new security features and mitigations. For the latest information on new Windows features included in the Insider Previews, please visit the Windows 10 Insider Program Blog.
As the bounty programs are pushing forward into earlier releases of software, there may be more instances of a vulnerability being reported which Microsoft is already working to resolve. In the event this occurs, as recognition for the real effort put into finding these vulnerabilities, a payment of up to $1,500 USD will be made to the first external researcher who reports the issue.
To find out more about the Microsoft Edge Remote Code Execution Bounty, please visit Link Removed. The program highlights are:
- Remote Code Execution vulnerabilities in Microsoft Edge on Windows Insider Preview
- Also, Includes Open Source sections of Chakra
- The bounty will run August 4, 2016 through May 15, 2017
- Bounty payouts will range from $500 USD to $15,000 USD
- If a researcher reports a qualifying vulnerability already found internally by Microsoft , a payment will be made to the first finder at a maximum of $1,500 USD
- Vulnerabilities must be reproducible on the latest Link Removed (Slow track)
This new bounty will be in addition to our ongoing Link Removed, and Link Removed bounty programs. These additions are a part of the rigorous security programs at Microsoft. Bounties are worked alongside the Link Removed (SDL), Link Removed (OSA) framework, regular penetration testing of our products and services, and Link Removed by third party audits.
As always, the most up-to-date information about the Microsoft Bounty Programs can be found at Link Removed and in the associated terms and FAQs.
Start your fuzzers!
Jason Shirk
Continue reading...
