Microsoft announced on Thursday that it’s offering up to $15,000 to researchers who find remote code execution vulnerabilities in the company’s Edge web browser running on Windows Insider Preview builds.
Users who sign up for the Windows Insider program are given the chance to test new features before they are made generally available. Microsoft wants white hat hackers to find remote code execution (RCE) flaws in Edge on Windows preview builds and it’s prepared to pay out between $500 and $15,000.
Microsoft is aware that some of the vulnerability reports it will receive as part of this program will describe issues that its employees are already working to address, but the company says it will still pay up to $1,500 to the first external researcher who finds a bug that is in the process of being fixed.
The company also noted that the bug bounty program includes the open source sections of Chakra, the JavaScript engine that powers Edge. The program will end on May 15, 2017.
“This bounty continues our partnership with the security research community in working to secure our platforms, in pre-release stages of the development process,” Microsoft said.
The tech giant runs several bug bounty programs, including for its online services, Nano Server, .NET and ASP.NET core, and mitigation bypasses. While the top reward in most cases is $15,000, the company is prepared to offer up to $100,000 for new exploitation techniques that target the protections built into Windows. Researchers can double the amount if the mitigation bypass is accompanied by an idea on how to defend against the attack.
Related: New Windows Attack Turns Evil Maid into Malicious Butler
Related: Microsoft Expands Bug Bounty Program