Microsoft has announced the launch of a new bug bounty programme for its Project Spartan web browser, even as a non-security-related bug hides the software from Windows 10 testers.
Designed to replace Internet Explorer when Windows 10 launches later this year - although IE will still be present, relegated to secondary-browser status for legacy sites the new rendering engine fails to deal with correctly - Project Spartan is a complete ground-up rewrite. As a result, while it offers shiny new features not found in its predecessor IE, it is also certainly packed with shiny new bugs, including those which could put the security of its users at risk - not something Microsoft wants tarnishing the launch of its latest software.
The company has therefore announced the launch of a vulnerability bounty programme specifically for Project Spartan, which will see those reporting new security holes in the software receiving between $500 and $15,000 - or even more, 'depending on the entry quality and complexity.'
The programme is open to all, aside from Microsoft employees and their relatives and household members, corporations, and residents of nations under United States sanctions. The biggest payouts are contingent on the provision of working exploit code and a high-quality report covering remote code execution or sandbox-escape vulnerabilities, while those with proof-of-concept but no functioning exploit will receive lesser sums. The lowest payout, at $500, is given to those who find address-space layout randomisation (ASLR) disclosure vulnerabilities in Project Spartan or the EdgeHTML engine, which could potentially lead to further exploits in future.
Even as Microsoft launches the vulnerability bounty programme, Project Spartan has been hit by a bug - though, thankfully, not a security-related one. Members of the Windows Insiders programme currently testing the Windows 10 Technical Preview have discovered Project Spartan disappearing from their systems and being replaced by Internet Explorer - a bug which simply unpins the Spartan browser from the Start Menu and Start Screen, and which can be reversed relatively easily.
Full details on the new bug bounty can be found on the official website.