Microsoft reported on the work of its 15 bug bounty programs last year. It turned out that in 2019 the company paid researchers a total of $13,700,000 for the discovered vulnerabilities, that is, three times more than a year earlier ($4,400,000).
In total, in the period from July 1, 2019 to June 30, 2020, 327 information security researchers discovered 1226 vulnerabilities in Microsoft products. The largest award was $200,000 and was related to a vulnerability in Hyper-V.
“The researchers who devote their time to discovering and uncovering security issues before attackers can exploit them deserve our collective respect and gratitude,” says the Microsoft Security Response Center blog.
Thus, last year's payouts from Microsoft's bug bounty programs far surpassed similar awards from Google, which totaled only $6,500,000, and Google called the year a record year.
Microsoft says the large payments are due to the launch of six new incentive programs and two new research grants. As a result, the company has attracted over 1000 pertinent bug reports from over 300 researchers.
The company also notes that the researchers were clearly affected by the coronavirus pandemic and quarantines in many countries of the world: in the first months of the pandemic, information security specialists were noticeably more active.