Microsoft Awards $13.7 Million in Bug Bounty Program By Chris Paoli -- Redmondmag.com

Microsoft Awards $13.7 Million in Bug Bounty Program

By Chris Paoli
08/15/2022

Microsoft announced last week that it has paid out $13.7 million to 335 researchers in the last year through Microsoft Bug Bounty Programs. This amount is an increase over last year's awarded $13.6 million in bug bounties.

The security based initiative incentivizes third party researchers and IT pros to discover vulnerabilities in Microsoft's software and services. This year's largest single bounty was $200,000, awarded to an unnamed researcher that discovered a hole in Hyper-V, and the averagepayout for bug bounty was $12,000. Microsoft's recorded figures is for the period between July 1, 2021 and June 30, 2022.

"We believe partnerships with the global security research community are an essential part of protecting customers, and we will continue to invest in and evolve our bounty programs as a part of strengthening these partnerships," wrote Microsoft in a blog post.

As part of its evolution of the program, Microsoft expanded its bug bounties to include new entries over the past 12 months. Per Microsoft:

Azure SSRF Research Challenge, launched August 2021

Azure Bounty Program, added high-impact research scenarios August 2021

Edge Bounty Program, added Android/iOS to scope October 2021

Microsoft Researcher Recognition Program, expanded recognition categories and swag February 2022

Applications and On-Premises Servers Bounty Program, added Exchange, Skype, and SharePoint on-premises April 2022

M365 Bounty Program, added high-impact research scenarios April 2022

Dynamics 365 and Power Platform Bounty Program, added high-impact research scenario & Power Platform to scope April 2022

Microsoft said it focused on increasing its bugs associated with its cloud services due to the growing threats targeting Microsoft's Azure platform and Microsoft 365. "The addition of these attack scenarios to our Azure, Dynamics 365 and Power Platform, and M365 bounty programs helps to focus research on the highest impact cloud vulnerabilities including areas like Azure Synapse Analytics, Key Vault, and Azure Kubernetes Services," said Microsoft.

About the Author

Chris Paoli (@ChrisPaoli5) is the associate editor for Converge360.

Featured

Multi-Tenant Organization Hooks Released for Microsoft 365

Microsoft Entra ID's new multi-tenant organization capabilities have reached general availability (GA).
Real-World Ransomware Recovery

Here's how I was (mostly) successful in recovering a family PC infected with malware.
Microsoft Launches Small AI Models Family Phi-3

Recognizing that bigger isn't always better, Microsoft has released its smallest open AI models to date, Phi-3.
Microsoft and OpenAI Continue Global AI Expansions

Microsoft and OpenAI each continued their global expansion this month, with the announcements of new infrastructure investments and service rollouts in new regions, like Asia and the Middle East.
Cisco Warns of Brute Force Attacks Targeting VPNs and Firewalls

Cisco has revealed that a global increase in brute force attacks targeting Virtual Private Networks (VPNs) and other devices is currently taking place.