Microsoft names top security researchers, zero-day contributors

Yuki Chen of Qihoo 360's Vulcan team named top bug hunter. Palo Alto Networks named top zero-day reporter.

At the Black Hat security conference in Las Vegas, Microsoft announced the top security researchers and enterprise partners who contributed the most vulnerability and zero-day reports affecting the company's products.

Microsoft's list of top contributors has become a Black Hat tradition, and many industry experts use it as a guide to today's top bug hunters.

Security researchers who rank on the list will often tout it as one of their highest career achievements, and for good reasons.

This year's rankings included bug reports filed in Microsoft products from July 1, 2018 to June 30, 2019. According to Microsoft, this year's top security researcher is Yuki Chen of Qihoo 360's Vulcan team.

Second is his colleague, Qixun Zhao, who also won a Pwnie Award for Best Privilege Escalation Bug. All in all, Qihoo 360's Vulcan team managed to place eight researchers in this year's ranking.

The full ranking for individual security researchers is available below:

msrc-top-researchers.png

Image: Microsoft

In addition, Microsoft also unveiled rankings for best industry partners -- other cyber-security companies -- who contributed bug reports and threat intelligence towards improving the security of Microsoft products and users.

Microsoft has established these industry collaborations years ago, as part of the Microsoft Active Protections Program.

"This bi-directional sharing program of threat and vulnerability data has proven instrumental to help prevent broad attacks and quickly resolve security vulnerabilities in Microsoft products and services," the OS maker said last week, when it announced this week's awards.

As per Microsoft, the top enterprise vulnerability contributors are:

  1. Qihoo 360
  2. Tencent
  3. Palo Alto Networks
  4. Also ranked: Baidu, Check Point, Fortinet, Kaspersky, Legendsec, McAfee, Sophos, and Symantec

Top contributors of threat indicators and intelligence are:

  1. Trustwave
  2. Baidu
  3. Beijing Rising
  4. Also ranked: Forcepoint, Fortinet, Network Box, Sophos, Tesorion, and Wins (Technet)

Top contributors of zero-day (under attack) vulnerabilities are:

  1. Palo Alto Networks
  2. McAfee
  3. Fortinet
  4. Also ranked: ESET and Kaspersky

Related cybersecurity coverage: