Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Widens Edge Browser Bug Hunt For Bounty Hunters (theregister.co.uk)

Posted by msmash on from the finding-bugs,-rewarding-people dept.

Microsoft said today it is expanding its program for rewarding those who find and report bugs in Edge, its latest web browser, enabling bounty hunters to claim their prize for a broader range of vulnerabilities. The Register adds: The snappily titled "Microsoft Edge Web Platform on Windows Insider Preview Bug Bounty Programme" was launched in August, and enabled anyone to report vulnerabilities they discover in Microsoft Edge in exchange for flippin' great wodges of cash. Now, the firm has expanded the programme, with a focus on vulnerabilities that lead to "violation of W3C standards that compromise privacy and integrity of important user data," or which enable remote code execution by a particular threat vector. Specifically, the bounty programme now covers the following: Same Origin Policy bypass vulnerabilities (such as universal cross-site scripting), Referrer Spoofing vulnerabilities, Remote Code Execution vulnerabilities in Microsoft Edge on Windows Insider Preview, and Vulnerabilities in open source sections of Chakra.

12 comments

  1. I.e. by Anonymous Coward · · Score: 0

    Open season.

    1. Re:I.e. by The-Ixian · · Score: 1

      I.e.

      No... Edge....

      --
      My eyes reflect the stars and a smile lights up my face.
  2. Finding bugs in Edge is like by Billly+Gates · · Score: 1

    Finding real bugs ... in a swamp .... in Florida .... or Alaska on the tundra marshes

    --
    http://saveie6.com/
  3. what about render bugs? by Gravis+Zero · · Score: 1

    It's easy enough to make a fast render engine, it's difficult to make a fast render engine with standards compliant rendering.

    --
    Anons need not reply. Questions end with a question mark.
    1. Re:what about render bugs? by Anonymous Coward · · Score: 0

      They don't give a shit about rendering bugs, I've submitted tons and about 90% of them are labelled "wont fix" due to some BS reason... and yes my bugs have isolated test cases.

    2. Re:what about render bugs? by Anonymous Coward · · Score: 0

      It's easy enough to make a fast render engine, it's difficult to make a fast render engine with standards compliant rendering.

      Let's make a faster rendering engine, a great rendering engine, a yuge rendering engine. And make Microsoft pay for it.

    3. Re:what about render bugs? by KingMotley · · Score: 1

      Well, the same can be pretty much said about both the webkit and gecko engines as well. I actually have more outstanding bugs in those engines than I do edge or IE, and they typically take a lot longer to get fixed than in IE/Edge. Sure, I might be an outlier, but that is my personal experience. I had one bug in firefox that has been outstanding for nearly 10 years, and every once in a while I see someone play with it, only to be kicked down the road further. webkit is pretty much the same, until years go by and then they get closed as wont-fix even though they all have short simple examples, and have been verified to be actual bugs.

      And I'm not an anonymous coward. I call out the BS as I see it.

  4. Fucking Register by Anonymous Coward · · Score: 0

    flippin' great wodges

    Unreadable garbage, as usual.

    PLONK

  5. Obvious bug by ChunderDownunder · · Score: 1

    (or feature) It only runs on Windows 10.

    If you're pushing for world domination, get the Android port released.

    1. Re:Obvious bug by Anonymous Coward · · Score: 0

      Why? They have a monopoly on OSes running on non-exploding phones.

  6. Running anything by AHuxley · · Score: 1

    Microsoft is the bug in any wider secure network.

    --
    Domestic spying is now "Benign Information Gathering"