Microsoft paid out almost $14 million in bug bounties in the past year

Dave W. Shanahan

Microsoft finds that security researchers are a vital component of the cybersecurity ecosystem. These security researchers spend time discovering and reporting security bugs before anyone can use the bugs for nefarious purposes.

As detailed in a post on the Microsoft Security Response Center blog, Microsoft has paid out $13.7 million in bounty rewards to 327 security researchers through 15 bounty programs. Across 1,226 eligible vulnerability reports, the biggest reward was $200,000. By comparison, Microsoft paid out just $4.4 million over the same period last year.

Microsoft continues to address new cybersecurity threats and vulnerabilities, and to make it easier for researchers to share their research. In addition, Microsoft is adding new bounty programs and offering two new research grants this year.

With more people forced to work from home due to the COVID-19 pandemic, Microsoft is seeing more security researcher engagement and a higher report volume than in previous years.
If you are interested in learning more about each of Microsoft’s current bug bounty programs and research grants, the full list is available here.