Today, Microsoft released the first beta of the all-new Edge browser. The company is now inviting anyone who wants to get a sneak peek to download the app… and inviting hackers to find ways to compromise it. Microsoft will even pay cash for their exploits.
That’s not as strange as it might seem. It’s actually quite common for a company like Microsoft to offer security researchers rewards for reporting software vulnerabilities. There’s good money to be made hunting “bug bounties” these days.
With Edge inching closer and closer to its first stable release, Microsoft isn’t messing around. Edge needs to be as secure as it can possibly be when it’s released to the general public, and so the call went out for help finding and patching weaknesses.
Researchers can bank up to $30,000 by discovering “high impact vulnerabilities” in either the beta or the developer release of the Edge browser. They can target any OS that Edge will run on: Windows 10, Windows 8.1, Windows 7, and even Mac OS.
The $30,000 top prize will be reserved for bugs that are true showstoppers. An exploit may, for example, have to allow the attacker to break out of Edge’s sandbox — a virtual container that isolates code running in Edge from the rest of the operating system.
A properly-implemented sandbox makes software much harder to hack, which is why Google added one to Chrome. Chrome has been a difficult target for hacking teams at events like Pwn2Own and that has a lot to do with its sandbox.
But a sandbox doesn’t make an app bulletproof. Chrome has fallen on multiple occasions, because given enough time and opportunity hackers will find a way to defeat just about anything. That includes the new Edge.
With the big re-launch coming, Microsoft wants to batten down the hatches. Offering the most secure browser around could be the key to make big gains early on, especially in enterprise environments where IT administrators might deploy an app to hundreds, thousands, or tens of thousands of users to keep networks as secure as possible.
Since Microsoft is offering up its own bug bounty program, the new Edge browser will reap the benefit of outside help on two fronts. Edge is based on Chromium, the same open source code that powers Google Chrome. One of the ways Google keeps Chrome secure is by offering bug bounties to researchers who discover vulnerabilities.
There are plenty of reasons you might want to try out the new Edge. It’s a very slick browser and it’s built on the same base as Google Chrome, so there’s a minimal learning curve when you switch. It may also wind up being the most secure browser around now that Microsoft is willing to make it rain, and that’s a pretty good reason to switch browsers in 2019.