Microsoft pays out $13.7m through bug bounty programs over last year

Microsoft recently revealed that over the past 12 months it has paid out $13.7m in rewards as part of its bug bounty programs.

According to Security Week, the tech giant is currently running over 15 bug bounty programs covering assets across its cloud services, desktop applications and operating systems, and confidentiality and visualisation solutions.

Security researchers that are interested in participating in Microsoft’s bug bounty programs may earn rewards of up to $250,000 for critical-severity vulnerabilities in Hyper-V that could lead to remote code execution, information disclosure or denial of service.

The biggest payout that Microsoft handed up between July 1, 2021 and June 30, 2022 was of $200,000, awarded for a critical flaw in the Hyper-V hypervisor.

During the 12-month period, over 330 security researchers received rewards via Microsoft’s bug bounty programs, for an average payout of more than $12,000.

Microsoft says it is evolving its bug bounty programs based on feedback from researchers. This year, the company introduced across its programs a new research challenge and new high-impact attack scenarios.

Tech giant Microsoft is set to acquire cyber threat analysis and research company Miburo for an undisclosed fee.

New York-based Miburo specialises in foreign information operations and helps to provide analysis, consulting and train services. The company’s research team detects and attributes influence campaigns over a range of different languages.

In addition, the firm helps its clients create strategies for mitigating risks and provides in-person and online training to law enforcement, intelligence, military and cybersecurity professionals.

Copyright © 2022 RegTech Analyst

Enjoyed the story? 

Subscribe to our weekly RegTech newsletter and get the latest industry news & research

Copyright © 2018 RegTech Analyst


The following investor(s) were tagged in this article.