Microsoft has paid $13.6 million to bug hunters since July 2020

News
By Robert Carnevale
published

341 researchers made a decent chunk of change helping out Microsoft.

Grounded Screenshot Ladybug
Grounded Screenshot Ladybug (Image credit: Obsidian Entertainment)

What you need to know

  • Microsoft does not like having security vulnerabilities, so it offers to pay people who find them.
  • 341 researchers took the tech giant up on its offer between July 2020 and June 2021.
  • In that timeframe, Microsoft paid out $13.6 million in rewards.

Between July 1, 2020, and June 30, 2021, Microsoft paid out $13.6 million to researchers who discovered vulnerabilities in the company's programs and products. The biggest single reward paid out to a report (from a total pool of 1,261 eligible reports) was $200,000. As you might imagine, Microsoft is very grateful for everyone who saved it from potentially embarrassing incidents.

You can read the full bug bounty program year-in-review writeup over at Microsoft's Security Response Center, though the aforementioned items are the major takeaways from its report (via ZDNet). And if you want a shot at making some bank yourself, check out Microsoft's bounty program page, where you can submit security vulnerabilities you've detected in the hopes of collecting a sweet, sweet paycheck from Microsoft.

Take, for example, Microsoft's maximum payout for Xbox. If you detect a bug with Xbox Live, you can earn up to $20,000 from Microsoft as a reward! Never mind the fact that some guy who also detected an Xbox-related bug and chose not to report it ended up making $10 million off his discovery. If you do the right thing (as determined by most countries' legal systems and societal morals), it might make you less money, but you'll at least avoid going to prison and getting deported. Do svidaniya, Volodymyr Kvashuk.

In all seriousness, the payouts may seem small relative to the number of headaches a bug hunter is possibly sparing Microsoft. If you've been following the PrintNightmare issue, it's not hard to imagine what the company would give to have avoided that situation entirely. Now consider the idea of saving the company's Azure infrastructure for a maximum reward of $40,000 or Windows 11 for $200,000.

Alternatively, you can do all of this bug bashing in the pursuit of badges and achievements.

Robert Carnevale
Robert Carnevale

Robert Carnevale is the News Editor for Windows Central. He's a big fan of Kinect (it lives on in his heart), Sonic the Hedgehog, and the legendary intersection of those two titans, Sonic Free Riders. He is the author of Cold War 2395. Have a useful tip? Send it to robert.carnevale@futurenet.com.