Microsoft has mentioned it awarded over $13.6 million (£9.87 million) in rewards to security scientists collaborating in its community bug bounty programmes around the final 12 months.
Concerning 1 July 2020 and 30 June 2021, above 340 security researchers from across 58 countries participated in the tech giant’s 17 software package bug hunts, reporting a full of 1,261 legitimate vulnerabilities.
The quantity of participating scientists grew by at minimum a dozen given that the exact same period very last yr, when Microsoft awarded $13.7 million to 327 security researchers. Given that then, the tech big has additional two much more bug bounty programmes, such as just one for its Teams desktop shopper with potential benefits of up to $30,000, and saw the quantity of vulnerability experiences increase by 35.
On the other hand, irrespective of the reward quantity tripling concerning 2019 and 2020, 2021 saw a slight lower, of about $100,000.
Above the past 12 months, the highest variety of bug reports were submitted from security scientists based mostly in China, the US, Israel, and India. Despite the fact that the average reward was over $10,000 (£7,260), the biggest payout – $200,000 (£145,000) – was awarded for a vulnerability reported in Microsoft’s OS virtualisation technology, Hyper-V, underneath the Hyper-V Bounty Programme.
Microsoft Security Reaction Center associates Jarek Stanley, Lynn Miyashita, and Madeline Eckert thanked “everyone who shared their exploration with Microsoft this year and for their partnership in securing hundreds of thousands of customers”, in a assertion on the company’s website.
“We’re continually analyzing the menace landscape to evolve our programmes and listening to suggestions from scientists to aid make it easier to share their research. This calendar year, we launched new issues and situations to award investigate targeted on the greatest affect to buyer security.
“These aim regions served us not only find and correct challenges to purchaser privacy and security, but also give researchers major awards for their significant-influence get the job done,” they stated, incorporating that the Microsoft Security Response Middle will share “more bounty programme updates and advancements in the coming year”.
The title of the Most Important Security Researcher 2021 is to be declared in August.
Some areas of this posting are sourced from: