"Microsoft Paid $13.7 Million via Bug Bounty Programs Over Past Year"

Microsoft recently announced that, over the past 12 months alone, it paid out $13.7 million in rewards as part of its bug bounty programs. Microsoft is currently running over 15 bug bounty programs covering assets across its cloud services, desktop applications and operating systems, and confidentiality and virtualization solutions, including a program covering the ElectionGuard open source software development kit (SDK). Security researchers who participate in Microsoft’s bug bounty programs may earn rewards of up to $250,000 for critical-severity vulnerabilities in Hyper-V that could lead to remote code execution, information disclosure, or denial of service (DoS). The single biggest payout that Microsoft handed out between July 1, 2021, and June 30, 2022, was $200,000, awarded for a critical flaw in the Hyper-V hypervisor. During those 12 months, more than 330 security researchers received rewards via Microsoft’s bug bounty programs, for an average payout of more than $12,000. The company stated that it is evolving its bug bounty programs based on feedback from researchers.

 

SecurityWeek reports: "Microsoft Paid $13.7 Million via Bug Bounty Programs Over Past Year"
