Microsoft paid out $13.7 million to white hat hackers as part of its bug bounty program over the last twelve months – more than treble the $4.4 million awarded the previous year.
According to the Redmond giant, 1,226 eligible vulnerability reports were filed by a total of 327 researchers, with the largest bounty claimed reaching $200,000.
The company now operates 15 bounty schemes in all, having scaled up its efforts significantly in recent months, which explains the dramatic rise in the total value of bounties claimed.
Within the last year, Microsoft has launched six new product-specific bug bounty programs – spanning Azure, Edge, Dynamics 365, Xbox and more – and new research programs focused on the evasion of AI-based security models.
The company experienced increased levels of researcher engagement and higher report volumes in the first half of 2020, which was attributed to social distancing measures put in place as a result of the coronavirus pandemic.
“Security researchers are a vital component of the cybersecurity ecosystem that safeguards every facet of digital life and commerce. The researchers who devote time to uncovering and reporting security issues before adversaries can exploit them have earned our respect and gratitude,” reads a new Microsoft blog post.
“The security landscape is constantly changing with emerging technology and new threats. By discovering and reporting vulnerabilities to Microsoft through Coordinated Vulnerability Disclosure (CVD), security researchers have continued to help us secure millions of customers.”