
Microsoft Bug Bounty Payouts Skyrocket to $13.7 Million

Ross Kelly



Security researchers are continuing to help companies keep customers secure and counter emerging threats.

Microsoft has paid out $13.7 million (£10m) to security researchers through its bug bounty programmes within the last 12 months.

The latest figures show the tech giant has paid out more than three times as much to bug hunters and researchers compared to the same period from 2018 to 2019.

Across a 12-month period spanning 2018/19, Microsoft paid out $4.4 million in rewards, while the year before saw the firm pay out $2 million.

327 researchers were rewarded for identifying a wide variety of bugs and flaws in Microsoft products and software over the past year, with the single largest reward standing at $200,000.

By comparison, throughout 2019 Google paid out $6.5 million through its own bug bounty programmes. Rewards were distributed to a larger number of researchers – 461 in total.

The increased pay-outs and activity come amid a challenging period for the global tech community and follow concerted efforts by Microsoft to improve and expand its bug bounty programmes.

“We’re constantly evaluating the threat landscape to evolve our programs and listening to feedback from researchers to help make it easier to share their research,” Microsoft said in a statement online.

This year, the company has launched six new bounty programmes, as well as two new research grants. Microsoft said the increased engagement has led to more than 1,000 eligible reports being filed by hundreds of researchers globally.

In 2019, Microsoft launched programmes for Microsoft Dynamics 365, Edge on Chromium and Azure Security Lab. The Xbox bounty programme was also launched earlier this year, Microsoft confirmed.


“In addition to the new bounty programs, Covid-19 social distancing appears to have had an impact on security researcher activity,” Microsoft said. “Across all 15 of our bounty programs we saw strong researcher engagement and higher report volume during the first several months of the pandemic.”

In April last year, Microsoft announced a partnership with HackerOne to boost its bug bounty programme. The partnership aims to speed up payment times for security researchers and ethical hackers who uncover flaws in Cloud, Windows and Azure DevOps environments.
