Over the past 12 months, Microsoft has paid out $13.6 million in bug bounties to 341 security researchers in nearly 60 countries. Although Microsoft has added two new programs to the mix, the total is somewhat less than last year's.
In its year-in-review, Microsoft stated that the average award amount across all programs is over $10,000. The largest single prize was $200,000, awarded under the Hyper-V Bounty, which covers three types of vulnerabilities: remote code execution, information disclosure, and denial of service. The program description states that the highest possible award is $250,000, so it appears that no one reached the top award within the past year.
In total, Microsoft received 17,261 reports of eligible vulnerabilities over a 12-month period. Grace programs.
Interestingly, this year's stats are very similar to last year's. In the previous year, Microsoft awarded a total of $13.7 million to 327 researchers for 1,226 eligible reports. Just like last year, the largest single prize was $200,000.
Since last year's report, Microsoft has added two new debugging programs and a search program. The Microsoft Apps (Teams Desktop) Rewards Program launched in March 2021, followed by the SIKE Crypto Challenge, which was introduced just last month. Meanwhile, the Windows Insider Preview Bounty Program was updated in July 2020 and the Limit Search Program was updated last February.
Microsoft gave $13.6 million to security researchers over the past year through bug bounty programs