Microsoft Paid $13.7M in Bug Bounty Rewards in 2019-2020

Over the past 12 months, Microsoft has awarded security research a total of $13.7 million in bug bounties, more than three times the $4.4 million it paid out over the same period a year prior.

Between July 1, 2019, and June 30, 2020, Microsoft received 1,226 eligible vulnerability reports and awarded 327 security researchers across six continents. Its largest award in this time frame totaled $200,000.

Microsoft ran 15 bounty programs in the past year. Six were new: Azure Security Lab, Microsoft Dynamics 365 Bounty Program, Microsoft Edge on Chromium Bounty Program, Election Guard Bounty Program, Xbox Bounty Program, and the Azure Sphere Security Research Challenge. 

Some were updated, like the Identity Bounty Program and Windows Insider Preview Bounty Program. Microsoft also launched two new research grants over the past program year.

In addition to the new bounty programs, the company noticed an increase in researcher activity that it attributes to social distancing. All 15 of its bug bounty programs saw strong engagement and higher report volume during the first several months of the COVID-19 pandemic.

Read the full recap here.

Register now for this year's fully virtual Black Hat USA, scheduled to take place August 1–6, and get more information about the event on the Black Hat website. Click for details on conference information and to register.