At the Black Hat security conference in Las Vegas, Microsoft announced the top security researchers and enterprise partners who contributed the most vulnerability and zero-day reports affecting the company's products.
Microsoft's list of top contributors has become a Black Hat tradition, and many industry experts use it as a guide to today's top bug hunters.
Security researchers who rank on the list will often tout it as one of their highest career achievements, and for good reasons.
This year's rankings included bug reports filed in Microsoft products from July 1, 2018 to June 30, 2019. According to Microsoft, this year's top security researcher is Yuki Chen of Qihoo 360's Vulcan team.
Second is his colleague, Qixun Zhao, who also won a Pwnie Award for Best Privilege Escalation Bug. All in all, Qihoo 360's Vulcan team managed to place eight researchers in this year's ranking.
The full ranking for individual security researchers is available below:
In addition, Microsoft also unveiled rankings for best industry partners -- other cyber-security companies -- who contributed bug reports and threat intelligence towards improving the security of Microsoft products and users.
Microsoft has established these industry collaborations years ago, as part of the Microsoft Active Protections Program.
"This bi-directional sharing program of threat and vulnerability data has proven instrumental to help prevent broad attacks and quickly resolve security vulnerabilities in Microsoft products and services," the OS maker said last week, when it announced this week's awards.
As per Microsoft, the top enterprise vulnerability contributors are:
- Qihoo 360
- Palo Alto Networks
- Also ranked: Baidu, Check Point, Fortinet, Kaspersky, Legendsec, McAfee, Sophos, and Symantec
Top contributors of threat indicators and intelligence are:
- Beijing Rising
- Also ranked: Forcepoint, Fortinet, Network Box, Sophos, Tesorion, and Wins (Technet)
Top contributors of zero-day (under attack) vulnerabilities are:
- Palo Alto Networks
- Also ranked: ESET and Kaspersky
Related cybersecurity coverage:
- Facebook files lawsuit against two Android app developers for click fraud
- 3 ads generate 5.5 times more revenue than a web-based cryptojacking script
- AT&T employees took bribes to plant malware on the company's network
- US military purchased $32.8m worth of electronics with known security risks
- Apple expands bug bounty to macOS, raises bug rewards
- WordPress team working on daring plan to forcibly update old websites
- iOS developers still failing to build end-to-end encryption into apps TechRepublic
- The best identity theft monitoring services for 2019 CNET