Microsoft bounty programs hand out $63M over a decade

Microsoft has given $63 million in rewards to bug bounty program participants since its first program for reports on Windows 8.1 exploitation methods and Internet Explorer 11 preview flaws in 2013, with $60 million of the bounty paid during the last five years alone, reports SecurityWeek. While only hundreds of dollars annually have been doled out during the early years of its bug bounty program, Microsoft has begun allocating over $13 million a year beginning in 2020 and has been conducting 17 programs across its various offerings, with a maximum bounty of $250,000 for severe Hyper-V hypervisor flaws. Aside from increasing its bounties, Microsoft has also moved to focus on more customer-facing vulnerabilities as well as reduce patching times. "The data from the programs is a critical part of arming product and security teams across the company to deliver broader security improvements and mitigations beyond one-off bug fixes," said Microsoft.