You may be familiar with the Microsoft Bug Bounty program because it always makes headlines when zero-days and other security vulnerabilities are discovered in Windows and Microsoft software. Through the program, Microsoft pays security researchers around the world for these discoveries. A new blog post from Microsoft recently dug a little deeper into the program, revealing that Microsoft awarded $13.7 million in bug bounties.
According to Microsoft, those $13.7 million in bounties were shared by more than 330 security researchers in 46 countries. The biggest reward was Hyper-V related: $200,000 was given out under the Hyper-V Bounty program. Additionally, Microsoft reports that the average reward was around $12,000 across all Bug Bounty programs. See the other data in the table below. For reference, in 2020 Microsoft paid a similar amount. However, between the two years there are now two new bounty programs, as well as more researchers and eligible reports.
You may recall some of the controversy surrounding the changes in monetary payouts for the program, but Microsoft says it has made changes over the past year. It introduced a new research challenge and new high-impact attack scenarios to reward research focused on the most critical areas of its products. You can read more about the Microsoft Bug Bounty program on its website.