Microsoft paid out millions in bug bounties last year

News
By
published

Software giant paid out $2m to security researchers for finding bugs in its products

Image Credit: Microsoft (Image credit: Image Credit: Microsoft)

The Microsoft Bounty Program paid out over $2m to security researchers for finding software bugs in its products in 2018 alone and now the company plans to extend its bug bounty program further with a number of improvements intended to better serve the security research community.

For starters, the Cloud, Windows and Azure DevOps programs will now award bounties upon completion of reproduction and assessment of each submission rather than waiting until the final fix has been determined.

By shortening the time from submission to award determination, Microsoft is helping researchers get their bounty rewards faster which should encourage them to continue to do so and may even help draw more researchers to the cause.

The company has also partnered with HackerOne for bounty payment processing and support to delivery bounty awards more efficiently. The hacker-powered security platform will also offer more payment options including PayPal, cryptocurrencies and direct bank transfer in more than 30 currencies.

Increased awards and duplicate submissions

Microsoft is also raising the top payouts in multiple bounty programs including the Windows Insider Preview bounty which increased from $15k to $50k in January 2019 and the Microsoft Cloud Bounty program for Azure, Office 365 and other online services will increase from $15k to $20k.

The scope of the Cloud bounty has also been expanded and the company plans to further expand the scope and rewards across its programs throughout the year.

Microsoft has also updated its policy on duplicate submissions in an effort to reward researchers for their contributions whenever it can. Now the first researcher to report a bounty-eligible vulnerability will receive the full eligible bounty award even if the bug is already known internally.

However, there has been no change to the company's policy regarding duplicate external reports of the same vulnerability and rewards are given on a first come first served basis.

  • We've also highlighted the best antivirus to help protect all of your devices online
TOPICS
Anthony Spadafora
Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

Latest in Software & Services
Windows 11 Start menu layout choices: Grid view
Windows 11 vs Linux for business: which operating system should you embrace?
A phone sitting on a laptop keyboard with the Microsoft Outlook logo on the screen.
Gmail vs Outlook for business: which email system is right for your organization?
Windows 11 logo
Windows 11 Pro vs Windows 11 Home: which version is right for you?
Canva HubSpot
HubSpot and Canva team up to level the creative playing field
a laptop computer
Windows 11 vs ChromeOS for business: Is one better than the other for your needs?
a laptop computer
Windows 11 vs macOS for business: which side are you on?
Latest in News
Apple iPhone 16 Review
Three iPhone 17 model dummy units appear in a hands-on video leak
The Samsung Galaxy S25 Edge on display the January 22, 2025 Galaxy Unpacked event.
New Samsung Galaxy S25 Edge may have revealed some key details – including its price
Quordle on a smartphone held in a hand
Quordle hints and answers for Sunday, March 9 (game #1140)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Sunday, March 9 (game #371)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Sunday, March 9 (game #637)
WhatsApp
WhatsApp just made its AI impossible to avoid – but at least you can turn it off
More about software services
A phone sitting on a laptop keyboard with the Microsoft Outlook logo on the screen.

Gmail vs Outlook for business: which email system is right for your organization?

Windows 11 Start menu layout choices: Grid view

Windows 11 vs Linux for business: which operating system should you embrace?
Terminator Salvation

7 of my favorite indie sci-fi movies streaming on Prime Video, Max, Hulu and more
See more latest
Most Popular
Dynabook Portégé Z40L-N
Dynabook's newest laptop has a 4-year warranty, a swappable battery, a weight of under 1 kg, and even a LAN port
Cortical Labs CL1
A breakthrough in computing: Cortical Labs' CL1 is the first living biocomputer and costs almost the same as 'Apple's best failure'
Workplace AI Adoption
ChatGPT remains the most popular AI tool in offices worldwide, survey finds, with India leading the way
Lexar ARMOR GOLD and SILVER PRO
Almost indestructible memory card launched; Lexar's Armor SD steel cards are water resistant and can survive a 16-feet drop
IBM FlashSystem C200
'Writing is on the wall for spinning rust': IBM joins Pure Storage in claiming disk drives will go the way of the dodo in enterprises
Disney Imagineering BDX Droids at Disneyland Galaxy's Edge
The adorable BDX Droids are coming to more Disney Parks around the world, including Disney World
Orange servers and networks
Alibaba doubles down on RISC-V architecture with a new secretive 'server-grade' chip that will put AMD and Intel on alert
Apple iPhone 16 Review
Three iPhone 17 model dummy units appear in a hands-on video leak
Samsung Galaxy S25 Ultra HANDS ON
‘I don't see a space where the S Pen is not a key part of our portfolio’: Samsung executive defends the S Pen amid cancellation rumors
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Sunday, March 9 (game #371)