Microsoft has given $63 million in rewards to bug bounty program participants since its first program for reports on Windows 8.1 exploitation methods and Internet Explorer 11 preview flaws in 2013, with $60 million of the bounty paid during the last five years alone, reports SecurityWeek.
While only hundreds of dollars were doled out annually during the early years of its bug bounty program, Microsoft began allocating over $13 million a year in 2020 and now runs 17 programs across its various offerings, with a maximum bounty of $250,000 for severe Hyper-V hypervisor flaws.
Aside from increasing its bounties, Microsoft has also moved to focus on more customer-facing vulnerabilities and to reduce patching times.
"The data from the programs is a critical part of arming product and security teams across the company to deliver broader security improvements and mitigations beyond one-off bug fixes," said Microsoft.
The agency says 1,119, or approximately 85%, of those bugs have been remediated thus far, and it took agencies 38 days on average to fix or address flaws reported through its Vulnerability Disclosure Policy Platform.