10 Years On, Microsoft’s Bug Bounty Program Has Paid Out $60 Million
Security Boulevard – Jeffrey Burt
Microsoft is marking the 10-year milestone of its bug bounty program, which has paid out over $60 million in rewards, by launching a new program focused on its Defender security brand.
The new program will reward researchers up to $20,000 for finding vulnerabilities, and will initially concentrate on Microsoft Defender for Endpoint APIs.
Multiple categories of flaws, from remote code execution to information disclosure, are included in the scope.
The move illustrates Microsoft’s continued interest in bug bounty programs, which now total almost two dozen and cover various offerings.
Over the past five years, the company has paid $58.9 million to 1,117 researchers globally, with the largest reward being $200,000.
Microsoft’s bug bounty program had a rough start, as the company initially resisted the idea.
However, the program has continually evolved, with increased rewards, clear guidelines, and a focus on mitigating potential risks.
Notably, bug bounty programs are now common tools for organizations and government agencies.
The article also highlights the lucrative nature of bug hunting, mentioning that HackerOne has paid more than $300 million to ethical hackers.
It ends by noting that even some threat groups are launching bug bounty programs to incentivize researchers and hackers to report vulnerabilities.
Link: https://securityboulevard.com/2023/11/10-years-on-microsofts-bug-bounty-program-has-paid-out-60-million/