Hunting bugs for Microsoft could make for a seriously lucrative career
Microsoft has ramped up its bug bounty program this year, paying out millions in the last twelve months to researchers able to identify vulnerabilities in its products.
The company paid out $13.7 million in total, which represents a significant increase on the $4.4 million awarded the previous year – and is also more than double the $6.5 million paid out by Google in 2019.
The most lucrative Microsoft bounty claimed in the last twelve months hit $200,000, which ranks among the largest ever awarded for a single vulnerability.
Microsoft bug bounties
According to a new blog post from Microsoft Security Response Center, the firm now operates 15 bug bounty schemes in total, having redoubled its focus on the program in recent months.
Within the last year, Microsoft has launched six new bounty programs, attached to products including Azure, Edge, Dynamics 365, Xbox and more.
The company also updated two security research programs and rolled out a further three, linked to the company’s Identity services and its work in the field of AI.
Across the board, Microsoft reported increased levels of researcher engagement and higher report volumes in the first half of 2020 (attributed to the coronavirus lockdown), which offers some explanation for the sharp rise in bounties claimed.
“Security researchers are a vital component of the cybersecurity ecosystem that safeguards every facet of digital life and commerce. The researchers who devote time to uncovering and reporting security issues before adversaries can exploit them have earned our respect and gratitude,” reads the blog post.
“The security landscape is constantly changing with emerging technology and new threats. By discovering and reporting vulnerabilities to Microsoft through Coordinated Vulnerability Disclosure (CVD), security researchers have continued to help us secure millions of customers.”