You might be familiar with the Microsoft Bug Bounty Program, as it makes headlines whenever zero-days and other security flaws are discovered in Windows and other Microsoft software. Through the program, Microsoft pays security researchers around the world for these discoveries. A recent blog post from Microsoft dived a bit deeper into the program, revealing that Microsoft awarded $13.7 million in bug bounties.
According to Microsoft, that $13.7 million in bounties was shared by more than 330 security researchers across 46 countries. The biggest reward related to Hyper-V, where $200,000 was granted under the Hyper-V Bounty Program. Additionally, Microsoft says that the average award was around $12,000 across all Bug Bounty Programs. Check out the other data in the chart below. For reference, in 2020, Microsoft paid out a similar amount. However, there are now two newer bounty programs, as well as more researchers and eligible reports, between the two years.
You might remember some of the controversies around changes in monetary payouts for the program, but Microsoft says that it made changes in the past year. It introduced a new research challenge and new high-impact attack scenarios to reward research focused on the most critical areas of its products. You can learn more about the Microsoft Bug Bounty Program on its website.