Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Microsoft Bug Bounty Payouts Increased to $16.6 Million in Past Year

Microsoft paid out $16.6 million to over 340 security researchers through its bug bounty programs over the past year.

Microsoft announced on Monday that over the past year it has paid out roughly $16.6 million through its bug bounty programs.

Between 2020 and 2023, Microsoft paid out roughly $13 million every year through its bug bounty programs. However, for the past year — the timeframe between July 1, 2023, and June 30, 2024 — the amount increased to $16.6 million. This brings the total paid out by Microsoft since 2018 to $75.5 million. 

Over the past year, Microsoft rewarded 343 researchers from 55 countries for more than 1,300 eligible vulnerability reports. The biggest single reward paid out by the company was $200,000. 

The tech giant’s 18 bug bounty programs cover products and services such as Azure, Microsoft 365, Windows, Power Platform, Dynamics 365, Edge, and Xbox. 

In the past year, Microsoft introduced the AI Bounty Program, Identity Bounty Program, 365 Insider Program, Defender Bounty Program, and a limited Secure Boot award. It also announced research grants focusing on Dataverse integrations.

The company has promised to continue improving its bug bounty programs based on feedback received from researchers.

Last week, Microsoft announced a new MSRC Researcher Resource Center, which provides useful resources for security researchers. 

Related: Google Offering $250,000 for Full VM Escape in New KVM Bug Bounty Program

Related: Netflix Paid Out Over $1 Million via Bug Bounty Program

Advertisement. Scroll to continue reading.

Related: Google Boosts Bug Bounty Payouts Tenfold in Mobile App Security Push

Related: Adobe Adds Content Credentials and Firefly to Bug Bounty Program

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

Cloud security giant Wiz has named Fazal Merchant as President and Chief Financial Officer.

Cybersecurity and data protection company Acronis has appointed Gerald Beuchelt as CISO.

Adam Zoller has joined CrowdStrike as Chief Information Security Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.