Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Management & Strategy

Microsoft Paid $13.7 Million via Bug Bounty Programs Over Past Year

Microsoft this week announced that, over the past 12 months alone, it paid out $13.7 million in rewards as part of its bug bounty programs.

Microsoft this week announced that, over the past 12 months alone, it paid out $13.7 million in rewards as part of its bug bounty programs.

The tech giant is currently running over 15 bug bounty programs covering assets across its cloud services, desktop applications and operating systems, and confidentiality and virtualization solutions, including a program covering the ElectionGuard open source software development kit (SDK).

Security researchers interested in participating in Microsoft’s bug bounty programs may earn rewards of up to $250,000 for critical-severity vulnerabilities in Hyper-V that could lead to remote code execution, information disclosure, or denial of service (DoS).

In fact, the single biggest payout that Microsoft handed out between July 1, 2021, and June 30, 2022, was of $200,000, awarded for a critical flaw in the Hyper-V hypervisor.

During the 12-month period, more than 330 security researchers received rewards via Microsoft’s bug bounty programs, for an average payout of more than $12,000.

Microsoft says it is evolving its bug bounty programs based on feedback from researchers. This year, the company introduced across its programs a new research challenge and new high-impact attack scenarios.

New additions and updates include an Azure SSRF challenge, Android and iOS being added to the Edge bounty program, a recognition program for researchers, the addition of on-premises Exchange, SharePoint, and Skype for Business to the bug bounty program, and expanded Azure, M365, and Dynamics 365 and Power Platform bounty programs with high-impact scenarios.

“The addition of these attack scenarios to our Azure, Dynamics 365 and Power Platform, and M365 bounty programs helps to focus research on the highest impact cloud vulnerabilities including areas like Azure Synapse Analytics, Key Vault, and Azure Kubernetes Services,” Microsoft notes.

Advertisement. Scroll to continue reading.

Related: Microsoft Patches 128 Windows Flaws, New Zero-Day Reported by NSA

Related: Microsoft Adds Teams Mobile Applications to Bug Bounty Program

Related: Microsoft Launches ElectionGuard Bug Bounty Program

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join SecurityWeek and Hitachi Vantara for this this webinar to gain valuable insights and actionable steps to enhance your organization's data security and resilience.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Defense contractor Nightwing has appointed Tricia Fitzmaurice as Chief Growth Officer.

Xage Security has appointed Russell McGuire as CRO and Ashraf Daqqa as VP of the META region.

Solana co-founder Stephen Akridge has been appointed the CEO of data protection firm Cyber Grant.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.