Microsoft announced on Monday that over the past year it has paid out roughly $16.6 million through its bug bounty programs.
Between 2020 and 2023, Microsoft paid out roughly $13 million every year through its bug bounty programs. However, for the past year — the timeframe between July 1, 2023, and June 30, 2024 — the amount increased to $16.6 million. This brings the total paid out by Microsoft since 2018 to $75.5 million.
Over the past year, Microsoft rewarded 343 researchers from 55 countries for more than 1,300 eligible vulnerability reports. The biggest single reward paid out by the company was $200,000.
The tech giant’s 18 bug bounty programs cover products and services such as Azure, Microsoft 365, Windows, Power Platform, Dynamics 365, Edge, and Xbox.
In the past year, Microsoft introduced the AI Bounty Program, Identity Bounty Program, 365 Insider Program, Defender Bounty Program, and a limited Secure Boot award. It also announced research grants focusing on Dataverse integrations.
The company has promised to continue improving its bug bounty programs based on feedback received from researchers.
Last week, Microsoft announced a new MSRC Researcher Resource Center, which provides useful resources for security researchers.