Microsoft expands Windows Insider Preview Edge browser bug bounty program
The Microsoft Edge on the Windows Insider Preview bug bounty program has been expanded, with researchers asked to hunt down a wider range of security flaws.
On Wednesday, Security Program Manager in the Microsoft Security Response Center (MSRC) Akila Srinivasan and security expert Crispin Cowan said in a blog post that the bug bounty program is no longer only seeking Remote Code Execution (RCE) vulnerabilities.
Originally launched in August this year, this specific section of Microsoft's bug bounty schemes focused on RCE, one of most severe kinds of vulnerability.
However, Microsoft is now also interested in vulnerabilities which lead to the violation of W3C standards as well as compromise the security and privacy of users.
Microsoft is asking researchers to hunt down different types of bugs, including Same Origin Policy bypass vulnerabilities, Referer Spoofing vulnerabilities, remote code execution flaws in Microsoft Edge on Windows Insider Preview and security issues in the open-source sections in the JavaScript engine Chakra.
"Since security is a continuous effort and not a destination, we prioritize acquiring different types of vulnerabilities in different points of time," the company says.
See also: Bug bounties: 'Buy what you want'
The new bounty will run from August 4, 2016, to May 15, 2017, with payouts ranging from $500 to $15,000 depending on the severity of the flaw.
If security experts report security vulnerabilities already found by Microsoft's internal security team, the first finder will not walk away completely empty-handed, as the tech giant is willing to award the first finder up to $1,500.
In order to qualify, all reported bugs must be reproducible on the latest Slow track Windows Insider Preview system.
In May, Microsoft extended the firm's bug bounty program to include the Nano Server installation option of Windows Server 2016 Technical Preview 5. Researchers have been asked to hunt for remote code execution vulnerabilities, privilege escalation flaws, remote unauthenticated denial of service, information leaks and spoofing security flaws.