Posted on 08/21/2019 9:03:52 PM PDT by dayglored
Doors on the Edge Insider Bounty Program flung open
Having finally pushed out the first Beta preview of its Chromium-based browser, Microsoft has launched a bounty programme aimed at getting researchers to kick the tyres on its latest and greatest.
Up to $30k is available to researchers who find what Microsoft deems "critical and important" vulnerabilities in the Beta and Dev channels of Chromium Edge. The Canary channel is excluded because, well, it seems hardly fair to poke holes in daily builds that are, by definition, not fit for public consumption.
Interestingly, up to $15k is available to anyone who discovers critical remote code execution and "design issues" in the original EdgeHTML version still lurking in the Slow Ring of the Windows 10 Insider Preview.
Just think, if a few dozen researchers are lured by that $15k, it could double the not-just-downloading-Chrome usage of old Edge overnight.
Snark aside, Microsoft really wants researchers to start thumping Chromium Edge, and has stated that a 2X multiplier is available via the Researcher Recognition Program and the company will pay out as soon the reproduction and assessment has been completed of each submission.
Of course, with Edge being Chromium-based, Chrome's own reward programme is a consideration, so Microsoft is keen on reports that reproduce on Edge rather than Chrome. Severity, impact and "report quality" are also factors, so "Yo browser sucks, Micro$oft" is unlikely to go down well.
Microsoft is also looking for reports from macOS Edge users in addition to those running the browser on fully patched versions of Windows 7 SP1 and 8.1.
It isn't clear what that means after January 2020, when poor old Windows 7 is due a visit from an engineer in a high-viz jacket, carrying an axe. ®
"Up to."
"For the 300 hours you devoted to finding this exploit, and considering your 25 years of coding experience, Microsoft is prepared to pay you... Well, let's see, how about $1,000? That seems fair to us."
Their code is crap.
Microsoft Coders: “I’m gonna write me a new mini-van!”
I’d have to load Edge in order to find the bugs in it, which is kinda like having to get the clap in order to prove a woman is a hooker.
That’s a crazy low amount, even if they expect 10-year-olds to find the bugs.
What are the bad guys paying for zero-day exploits these days?
‘UP TO’ SOUNDS LIKE MICROSOFT IS TRYING TO GET THEIR BUGS WORKED OUT/FIXED ON THE CHEAP BY OFFERING A BOUNTY SO THEY DON’T HAVE TO PAY THEIR CODERS THE BIG $$
30k!?
They are crazy cheapskates.
Back in the day I was really pretty good on a bughunt....
Only $30k to fix code written by their sh!tty H-1B and outsourced programmers? This tells you they know the code is a disaster.
Just hang out and wait for the first update download and it should be easy. They always sabotage themselves with their own updates. lol
What the hell is “Chromium Edge”???
Does it have anything to do with Gooogle Chrome?
Had some serious side-effects from Windows 10 update 1903 that am still flushing out. But Microsoft Windows isn’t a serious operating system any more, and am skeptical of anything called “Chromium Edge”.
How are you supposed to forensically examine closed source code when the owner won’t give you access to the code?
https://en.wikipedia.org/wiki/Chromium_(web_browser)
Microsoft originally developed their Win10 "Edge" browser as proprietary in-house code. When it failed to attract serious use, they realized they'd be better off building Edge from open-source that was already the user standard. So "Chromium Edge" is an all-new "Edge" browser, built with the same code that Google developed for use in their Chrome browser.
It's a big deal that Microsoft decided that open-source was better than proprietary, in this situation. They also are making it available to non-Win10 platforms: Win7, Win8x, and even MacOS. This is another big deal.
Its recommended for security reasons that you define a non-administrative user to do your web browsing and other normal activities, and only run as an administrator when you have to install a program or do system-admin tasks.
Most Windows users ignore that advice because its somewhat inconvenient, so security be damned, they run with administrative privilege all the time, which puts them at risk when web browsing.
That said, I havent installed Chromium Edge myself yet so the above is a guess at the meaning of your warning message.
I’m a Windows fan, but, really, who uses any MS browser?
“Most Windows users ignore that advice because its somewhat inconvenient”
It’s not only inconvenient it is not readily apparent how to do that.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.