Microsoft paid out $14m in bug bounty rewards in past 12 months – report

Jessica Haworth

12 July 2021 at 14:00 UTC

Updated: 12 July 2021 at 14:02 UTC

Security researchers received an average of $10k per report

Microsoft has awarded $13.6 million to security researchers under its bug bounty program in the past 12 months alone.

The tech giant, which runs a number of technology-specific programs under the umbrella of its coordinated vulnerability disclosure (CVD) program, revealed the figure in a blog post.

Its single highest reward was $200k, which was handed out for the discovery of vulnerabilities in its Hyper-V program.

Microsoft also revealed that in the past year, security researchers netted an average of $10k per report.

Payouts

The rewards were given to more than 340 security researchers across 58 countries, said Microsoft, adding that 1,200 of the reports it received were eligible for a payout.

Microsoft said the sheer volume of reports reflects the “talent and creativity of the global security research community and their invaluable partnership in addressing the challenges of a constantly changing security environment”.

The company also said that it is “constantly evaluating” the threat landscape in order to make changes to the program and respond accordingly.

“This year, we introduced new challenges and scenarios to award research focused on the highest impact to customer security,” said Microsoft.

“These focus areas helped us not only discover and fix risks to customer privacy and security, but also offer researchers top awards for their high-impact work.”
