Microsoft on Tuesday introduced that 344 safety researchers in 59 international locations obtained $17 million in rewards by its bug bounty packages over the previous 12 months.
That is the very best complete bounty the Redmond-based tech large has distributed in a single 12 months since launching its bug bounty packages in 2018, and brings the overall paid out to $92.5 million.
Final 12 months, the corporate stated it handed out $16.6 million in rewards between July 1, 2023, and June 30, 2024, and the quantity was roughly $13 million yearly between 2020 and 2023.
The $1.6 million it paid out through the Zero Day Quest qualifying analysis problem was additionally included within the 2025 complete. Microsoft obtained over 600 vulnerability submissions as a part of the occasion.
This week, the corporate introduced it’s now accepting submissions for the 2026 analysis problem, and that it’s betting as much as $5 million in rewards for bugs in Azure, Copilot, Dynamics 365 and Energy Platform, Id, and M365.
Over the previous 12 months, the tech large has up to date its bug bounty packages to increase protection to extra services, and to align the bounty initiatives with rising threats and safety challenges.
The Copilot bounty program now covers extra client merchandise and affords increased incentives to researchers. Extra APIs and domains that safe Enterprise accounts had been added to the Id bounty program, and Viva Glint, Studying, Pulse, and Characteristic Entry Management at the moment are in scope of the M365 program.
Microsoft additionally introduced the inclusion of Defender for Id (MDI), Defender for Workplace (MDO), and Defender for Cloud Purposes (MDA) within the Defender bounty program. The corporate expanded the Dynamics 365 & Energy Platform program with an AI class, and refreshed the assault state of affairs rewards within the Home windows bounty program.Commercial. Scroll to proceed studying.
“Bounty awards are decided by the severity and potential impression of the reported vulnerability, in addition to the readability, accuracy, and completeness of the submission. We prioritize awards in areas that matter most to our clients, encouraging analysis that drives significant safety enhancements the place it counts most,” Microsoft notes.
Associated: Microsoft Boosts .NET Bounty Program Rewards to $40,000
Associated: Microsoft’s Undertaking Ire Autonomously Reverse Engineers Software program to Discover Malware
Associated: Google Paid Out $12 Million by way of Bug Bounty Applications in 2024
Associated: Microsoft Gives $5 Million at Zero Day Quest Hacking Contest
