Vulnerability bonuses: Microsoft pays 13.6 million in twelve months

Microsoft Bug Bounty Program (Image: Microsoft)

The amount has decreased slightly compared to the same period in the previous year. The highest single amount is $200,000. On average, Microsoft pays out more than $10,000 per reported vulnerability.

Microsoft paid $13.6 million in rewards through its Bug Bounty Program between July 1, 2020 and June 30, 2021. The rewards went to a total of 341 security researchers. The amount is slightly lower than in 2019.

The highest amount was paid under the Hyper-V Bounty Program, which deals with vulnerabilities in the virtualization layer of Windows 10, Windows Server 2016 and containers for Windows and Linux applications in the cloud. Microsoft currently has 17 such programs, with the Hyper-V program offering the highest possible reward of up to $250,000.

“Averaging more than $10,000 per award across programs, each of the 1,200+ eligible reports reflects the talent and creativity of the global security research community and their invaluable partnership in addressing the challenges of an ever-changing security environment,” according to a blog entry by the Microsoft Security Response Center (MSRC).
