Microsoft forks out another US$13.6M in bug bounty rewards

US$100,000 less than its bounty tally in the year prior.

Microsoft awarded US$13.6 million in bug bounties to more than 340 security researchers across 58 countries during the 12 months to 30 June, US$100,000 less than its bounty tally in the year prior.  

In the latest accounting of the vendor’s bug bounty payouts, the largest award was US$200,000 under the Hyper-V Bounty Program, in which individuals across the globe have the opportunity to submit vulnerabilities in eligible product versions for Microsoft Hyper-V for awards of up to US$250,000. 

“With an average of more than US$10,000 per award across all programs, each of the over 1,200 eligible reports reflect the talent and creativity of the global security research community and their invaluable partnership in addressing the challenges of a constantly changing security environment,” the Microsoft Security Response Centre (MSRC) team said in a blog post.  

“Partnering with the security research community is an important part of Microsoft’s holistic approach to defending against security threats. Bug bounty programs are one part of this partnership.  

“By discovering and reporting vulnerabilities to Microsoft through Coordinated Vulnerability Disclosure (CVD), researchers continue to help us secure millions of customers,” the post stated.  

This year, Microsoft introduced new challenges and scenarios to award research focused on the highest impact to customer security. The vendor said that the new focus areas helped it not only discover and fix risks to customer privacy and security, but also offer researchers top awards for their high-impact work. 

In August last year, Microsoft revealed it had handed out US$13.7 million in bug bounty payments to a global army of cyber security hackers for uncovering bugs during the year to 30 June 2020.  

That figure was more than three times the US$4.4 million the technology giant awarded over the same period the year before.  

During the year to 30 June 2020, Microsoft launched six new bounty programs and two new research grants, which it claims attracted more than 1,000 eligible reports from over 300 researchers across six continents.  

The company said at the time that it saw strong researcher engagement and higher report volume during the first several months of the COVID-19 pandemic.

To date, Microsoft has 17 bug bounty programs in total. 
