As part of 17 programs to find vulnerabilities in software products and services, Microsoft paid $13.7 million. The reward programs stimulate research in the field of information security, as well as help counteract new technologies used by attackers.
Related: Best laptop for hacking - review
Security researchers help the corporation protect millions of customers. White hat hackers discover vulnerabilities and report them to Microsoft using the Coordinated Vulnerability Disclosure model.
According to a Microsoft report, from July 1, 2021 to June 30, 2022, the corporation:
- paid awards to 335 information security professionals in 46 countries;
- the largest reward under the Hyper-V Bounty program was $200,000;
- the average amount of payments for all Microsoft programs exceeded $12,000;
- the corporation received 1091 vulnerability reports.
These results testify to high efficiency of researches which are carried out by communities of information security specialists, sums up Microsoft.
The Corporation notes that it is constantly developing its programs and partnerships to meet the changing landscape of information security threats. The company emphasizes that a key element of this process is responding to researchers' feedback.
Over the past year, Microsoft has introduced a new research challenge and new scenarios for highly effective attacks on many of the company's products. Adding scripts to the Azure, Dynamics 365, Power Platform, and M365 bounty programs helps guide research into the biggest vulnerabilities, including areas like Azure Synapse Analytics, Key Vault, and Azure Kubernetes Services.
Microsoft called partnerships with the global information security research community an important part of customer protection. The corporation promises to invest in reward programs and continue to develop them.
Last July, Microsoft released a report showing the results of the study from July 1, 2020 to June 30, 2021. It follows from it that the company paid remuneration to 340 information security specialists from 58 countries. The largest payout was also $200,000, with the average reward exceeding $10,000. Specialists provided Microsoft with 1,261 vulnerability reports. The total amount of payments was $13.6 million.