Microsoft awarded $13.6 million in bug bounties over the last 12 months
Over 340 security researchers from 58 countries reported a total of 1,261 valid vulnerabilities between 2020-2021
Between 1 July 2020 and 30 June 2021, over 340 security researchers from across 58 countries participated in the tech giant’s 17 software bug hunts, reporting a total of 1,261 valid vulnerabilities.
The number of participating researchers grew by at least a dozen since the same period last year, when Microsoft awarded $13.7 million to 327 security researchers. Since then, the tech giant has added two more bug bounty programmes, including one for its Teams desktop client with potential rewards of up to $30,000, and saw the number of vulnerability reports increase by 35.
However, despite the reward amount tripling between 2019 and 2020, 2021 saw a slight decrease, of around $100,000.
Over the last 12 months, the highest number of bug reports were submitted from security researchers based in China, the US, Israel, and India. Although the average reward was over $10,000 (£7,260), the largest payout – $200,000 (£145,000) – was awarded for a vulnerability reported in Microsoft’s OS virtualisation technology, Hyper-V, under the Hyper-V Bounty Programme.
Microsoft Security Response Center members Jarek Stanley, Lynn Miyashita, and Madeline Eckert thanked “everyone who shared their research with Microsoft this year and for their partnership in securing millions of customers”, in a statement on the company’s blog.
The Forrester Wave: Top security analytics platforms
The 11 providers that matter most and how they stack upFree download
“We’re constantly evaluating the threat landscape to evolve our programmes and listening to feedback from researchers to help make it easier to share their research. This year, we introduced new challenges and scenarios to award research focused on the highest impact to customer security.
"These focus areas helped us not only discover and fix risks to customer privacy and security, but also offer researchers top awards for their high-impact work,” they said, adding that the Microsoft Security Response Center will share “more bounty programme updates and improvements in the coming year”.
The title of the Most Valuable Security Researcher 2021 is to be announced in August.
2022 State of the multi-cloud report
What are the biggest multi-cloud motivations for decision-makers, and what are the leading challengesFree Download
The Total Economic Impact™ of IBM robotic process automation
Cost savings and business benefits enabled by robotic process automationFree Download
Multi-cloud data integration for data leaders
A holistic data-fabric approach to multi-cloud integrationFree Download
MLOps and trustworthy AI for data leaders
A data fabric approach to MLOps and trustworthy AIFree Download