Over the past 12 months, Microsoft has awarded security research a total of $13.7 million in bug bounties, more than three times the $4.4 million it paid out over the same period a year prior.
Between July 1, 2019, and June 30, 2020, Microsoft received 1,226 eligible vulnerability reports and awarded 327 security researchers across six continents. Its largest award in this time frame totaled $200,000.
Microsoft ran 15 bounty programs in the past year. Six were new: Azure Security Lab, Microsoft Dynamics 365 Bounty Program, Microsoft Edge on Chromium Bounty Program, Election Guard Bounty Program, Xbox Bounty Program, and the Azure Sphere Security Research Challenge.
Some were updated, like the Identity Bounty Program and Windows Insider Preview Bounty Program. Microsoft also launched two new research grants over the past program year.
In addition to the new bounty programs, the company noticed an increase in researcher activity that it attributes to social distancing. All 15 of its bug bounty programs saw strong engagement and higher report volume during the first several months of the COVID-19 pandemic.
Read the full recap here.