Microsoft Bug Bounty Program paid $13.7 million to security researchers in the past 12 months

Back in 2015, Microsoft first announced the Microsoft Bug Bounty program. With the launch of the program, Microsoft started offering direct payments in exchange for reporting certain types of vulnerabilities and exploitation techniques.

Over the past 12 months, Microsoft Bug Bounty program has paid $13.7M in bounties to security researchers. This is more than three times the $4.4 million which Microsoft awarded over the same period last year. In the past 12 months, Microsoft announced six new bounty programs and two new research grants, attracting over 1,000 eligible reports from over 300 researchers across 6 continents.

Thank you to everyone who shared their research with Microsoft this year, and for their participation in Microsoft’s Bounty Programs. Millions of customers, and the broader ecosystem, are more secure thanks to their efforts. – Microsoft.

Right now, Microsoft offers the following bounty programs:

• Microsoft Azure
• Microsoft Identity
• Xbox
• Microsoft Online Services
• Microsoft Azure DevOps Services
• Microsoft Dynamics 365
• Microsoft .NET Core and ASP.NET Core
• Microsoft Hyper-V
• Microsoft Windows Insider Preview
• Windows Defender Application Guard
• Microsoft Edge (Chromium-based)
• Microsoft Edge (EdgeHTML) on Windows Insider Preview
• Office Insider
• ElectionGuard
• Mitigation Bypass and Bounty for Defense
• Grant: Microsoft Identity

Source: Microsoft