Microsoft has disclosed the results of its bug bounty program, including the fact that it paid $13.6 million in bounties over the last year.
Most major companies offer bounties for security researchers who find and report major bugs. Microsoft has long made use of bug bounties as a way to secure its products and services.
According to the Microsoft Security Response Center (MSRC) Team, the company paid $13.6 million to dozens of researchers around the globe.
Over the past 12 months, Microsoft awarded $13.6M in bug bounties to more than 340 security researchers across 58 countries. The largest award was $200K under the Hyper-V Bounty Program. With an average of more than $10,000 USD per award across all programs, each of the over 1,200 eligible reports reflect the talent and creativity of the global security research community and their invaluable partnership in addressing the challenges of a constantly changing security environment.
The MSRC Team credits the success of the last year to a revamping of the program that puts greater emphasis on the highest impact bugs.