Microsoft, like many other technology companies, generously rewards "white hat" hackers (who probe companies' products at the companies' own request) for vulnerabilities they identify in its products under its bug bounty programs. In the last 12 months alone (from July 1, 2019 to June 30, 2020), Microsoft paid out bounties totaling $13.7 million, almost three times the $4.4 million in awards paid in the same period last year.
This year, Microsoft launched six new vulnerability cash reward programs and two new research grants, which it says have generated more than 1,000 relevant reports from more than 300 researchers across six continents. In total, Microsoft has 15 such bounty programs.
The maximum reward for a critical vulnerability at Microsoft reaches $200,000.
New and updated bounty programs:
- Microsoft Dynamics 365 Bounty Program
- Azure Security Lab
- Microsoft Edge on Chromium Bounty Program
- ElectionGuard Bounty Program
- Identity Bounty Program
- Xbox Bounty Program
- Azure Sphere Security Research Challenge
- Windows Insider Preview Bounty Program
New research programs:
- Most Valuable Researcher Recognition Program
- Security Researcher Quarterly Leaderboard
- Identity Research Grant
- Microsoft Security AI RFP (in partnership with Microsoft Research)
- Machine Learning Security Evasion Competition (in partnership with CUJO AI, VMRay, MRG Effitas)