Microsoft Bug Bounty Programs Year in Review: $13.7M in Rewards | MSRC Blog

The Microsoft Bug Bounty Programs and partnerships with the global security research community are important parts of Microsoft’s holistic approach to defending customers against security threats. Our bounty programs incentivize security research in high-impact areas to stay ahead of the ever-changing security landscapes, emerging technology, and new threats. Security Researchers help us secure millions of customers by discovering and reporting vulnerabilities to Microsoft through Coordinated Vulnerability Disclosure.

Over the past 12 months, Microsoft awarded $13.7M in bug bounties to more than 330 security researchers across 46 countries. In the last year, the largest award was $200,000 under the Hyper-V Bounty Program, and the average award was more than $12,000 across all our programs, demonstrating the high impact research from one of the largest and most diverse global security research communities.

What has changed in the past year?

We are constantly evolving our programs and partnerships to meet the changing threat landscape. A key element of this maturing process is listening to feedback from researchers to remove barriers to entry and better facilitate research efforts. This year, we introduced a new research challenge and new high-impact attack scenarios across many of our programs to award research focused on the most critical areas to customer security. The addition of these attack scenarios to our Azure, Dynamics 365 and Power Platform, and M365 bounty programs helps to focus research on the highest impact cloud vulnerabilities including areas like Azure Synapse Analytics, Key Vault, and Azure Kubernetes Services.

New and Updated Bug Bounty and Research Programs

We believe partnerships with the global security research community are an essential part of protecting customers, and we will continue to invest in and evolve our bounty programs as a part of strengthening these partnerships. Thank you to all the researchers who shared their research with Microsoft this year to help secure millions of Microsoft customers.

Lynn Miyashita and Madeline Eckert



Leave a Reply

Avatar placeholder

Your email address will not be published. Required fields are marked *