Microsoft Awards $13.7 Million in Bug Bounty Program
Microsoft announced last week that it has paid out $13.7 million to 335 researchers in the last year through Microsoft Bug Bounty Programs. This amount is an increase over last year's awarded $13.6 million in bug bounties.
The security based initiative incentivizes third party researchers and IT pros to discover vulnerabilities in Microsoft's software and services. This year's largest single bounty was $200,000, awarded to an unnamed researcher that discovered a hole in Hyper-V, and the averagepayout for bug bounty was $12,000. Microsoft's recorded figures is for the period between July 1, 2021 and June 30, 2022.
"We believe partnerships with the global security research community are an essential part of protecting customers, and we will continue to invest in and evolve our bounty programs as a part of strengthening these partnerships," wrote Microsoft in a blog post.
As part of its evolution of the program, Microsoft expanded its bug bounties to include new entries over the past 12 months. Per Microsoft:
Microsoft said it focused on increasing its bugs associated with its cloud services due to the growing threats targeting Microsoft's Azure platform and Microsoft 365. "The addition of these attack scenarios to our Azure, Dynamics 365 and Power Platform, and M365 bounty programs helps to focus research on the highest impact cloud vulnerabilities including areas like Azure Synapse Analytics, Key Vault, and Azure Kubernetes Services," said Microsoft.