/>
X

Bug bounties: Here's how much Microsoft paid out to security researchers last year

Microsoft's bug bounty payments have flattened out but still remain large.
liam-tung.jpg
Written by Liam Tung, Contributor on

Microsoft has revealed it awarded 341 researchers a total of $13.6 million during the past year for reporting security vulnerabilities in its bug bounty programs

The awards were issued between July 1, 2020 and June 30, 2021 and is slightly less than what it paid out in 2019. That year, Microsoft tripled the awards from the previous year. 

The largest award was $200,000 under the Hyper-V Bounty Program, Microsoft's program for its virtualization layer on Windows 10, Windows Server 2016, and containers for running Windows and Linux applications in the cloud. 

SEE: Network security policy (TechRepublic Premium)

"With an average of more than $10,000 USD per award across all programs, each of the over 1,200 eligible reports reflect the talent and creativity of the global security research community and their invaluable partnership in addressing the challenges of a constantly changing security environment," the Microsoft Security Response Center (MSRC) said in a blogpost

Microsoft has launched some new bug bounties this year, including one for Microsoft Teams with awards up to $30,000 for critical bug reports. The other bounty is aimed at a potential future post-quantum cryptography standard called Supersingular Isogeny Key Encapsulation (SIKE)

Microsoft currently has 17 bug bounty programs available for researchers to earn rewards. The Hyper-V program offers the largest possible award of up to $250,000. 

The Microsoft Identity bounty is also important, covering Microsoft Account, Azure Active Directory, or select OpenID standards. The top payout is $100,000. 

Some individual security researchers can earn significant sums – even millions – from bug bounty programs.

Related

Microsoft: This out-of-band Windows security update fixes Microsoft 365 sign-in issues for Arm devices
getty-staff-pointing-at-a-computer-in-an-office.jpg

Microsoft: This out-of-band Windows security update fixes Microsoft 365 sign-in issues for Arm devices

Security
Windows admins get most asked for tools for Microsoft 365 app updates
istock-682295824.jpg

Windows admins get most asked for tools for Microsoft 365 app updates

Productivity
Microsoft June 2022 Patch Tuesday: 55 fixes, remote code execution in abundance
microsoft windows security patch tuesday

Microsoft June 2022 Patch Tuesday: 55 fixes, remote code execution in abundance

Security