SecurityWeek

Microsoft Bug Bounty Payouts Increased to $16.6 Million in Past Year

Microsoft paid out $16.6 million to over 340 security researchers through its bug bounty programs over the past year.

Microsoft announced on Monday that over the past year it has paid out roughly $16.6 million through its bug bounty programs.

Between 2020 and 2023, Microsoft paid out roughly $13 million every year through its bug bounty programs. However, for the past year — the timeframe between July 1, 2023, and June 30, 2024 — the amount increased to $16.6 million. This brings the total paid out by Microsoft since 2018 to $75.5 million. 

Over the past year, Microsoft rewarded 343 researchers from 55 countries for more than 1,300 eligible vulnerability reports. The biggest single reward paid out by the company was $200,000. 

The tech giant’s 18 bug bounty programs cover products and services such as Azure, Microsoft 365, Windows, Power Platform, Dynamics 365, Edge, and Xbox. 

In the past year, Microsoft introduced the AI Bounty Program, Identity Bounty Program, 365 Insider Program, Defender Bounty Program, and a limited Secure Boot award. It also announced research grants focusing on Dataverse integrations.

The company has promised to continue improving its bug bounty programs based on feedback received from researchers.

Last week, Microsoft announced a new MSRC Researcher Resource Center, which provides useful resources for security researchers. 

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
