Microsoft Edge bug bounty program now permanent


Microsoft introduced a bug bounty program for Edge last August. Originally intended to be temporary, it will now live on, as the software giant reports that it has led to major improvements in its browser's security.

As is the case with bug bounty programs, part of the appeal for security researchers is the financial side. In this case, Microsoft says that it has paid over $200,000 in bounties since the program kicked off.

Bounties range between $500 and $15,000, and apply to vulnerabilities found in Windows Insider Preview builds on the Slow ring, Microsoft says. Security researchers are paid even when reporting a vulnerability that is already known internally, though in that case the payment drops to a maximum of $1,500.

The bug bounty program applies to referrer spoofing, remote code execution and same origin policy bypass vulnerabilities. Remote code execution bugs with a high quality report get up to $15,000, while a low quality report will net security researchers up to $1,500.

When it comes to the other vulnerabilities that are part of the bug bounty program, the limit is $6,000. Again, that applies to a high quality report, whereas for a low quality report security researchers can expect up to $1,500.

Microsoft notes that it can pay more than that, but it depends on "entry quality and complexity."

Photo Credit: andriano.cz/Shutterstock
