This is the Trace Id: 048ad6e9d6e944ab09bb2d1bc1e3425b
Skip to main content Report Security Vulnerability Report Abuse Report Infringement Submission FAQs Reporting Vulnerability Security Update Guide Exploitability index Developer API documentation Frequently Asked Questions Technical Security Notifications Glossary Microsoft Bug Bounty Programs Microsoft Active Protections Program BlueHat Security Conference Researcher Recognition Program Windows Security Servicing Criteria Researcher Resource Center Mission Cyber Defense Operations Center Coordinated Vulnerability Disclosure Social Microsoft Security Response Center Security Research & Defense BlueHat Conference Blog Security Researcher Acknowledgments Online Services Researcher Acknowledgments AI Safety Acknowledgements Security Researcher Leaderboard

Microsoft Bug Bounty Programs Year in Review: $13.7M in Rewards

MSRC
/ By Jarek Stanley /

Security researchers are a vital component of the cybersecurity ecosystem that safeguards every facet of digital life and commerce. The researchers who devote time to uncovering and reporting security issues before adversaries can exploit them have earned our collective respect and gratitude.

The security landscape is constantly changing with emerging technology and new threats. By discovering and reporting vulnerabilities to Microsoft through Coordinated Vulnerability Disclosure (CVD), security researchers have continued to help us secure millions of customers. Microsoft is committed to continuing to enhance our Bug Bounty Programs and strengthening our partnership with the security research community. Over the past 12 months Microsoft awarded $13.7M in bounties, more than three times the $4.4M we awarded over the same period last year.

What has changed in the past year?

We’re constantly evaluating the threat landscape to evolve our programs and listening to feedback from researchers to help make it easier to share their research. This year, we launched six new bounty programs and two new research grants, attracting over 1,000 eligible reports from over 300 researchers across 6 continents. In addition to the new bounty programs, COVID-19 social distancing appears to have had an impact on security researcher activity; across all 15 of our bounty programs we saw strong researcher engagement and higher report volume during the first several months of the pandemic.

New and Updated Bounty Programs

New Research Programs:

Thank you to everyone who shared their research with Microsoft this year, and for their participation in Microsoft’s Bounty Programs. Millions of customers, and the broader ecosystem, are more secure thanks to their efforts.

Jarek Stanley, Lynn Miyashita, Sylvie Liu, and Chloé Brown
Microsoft Security Response Center

Surface Pro Surface Laptop Surface Laptop Studio 2 Copilot for organizations Copilot for personal use AI in Windows Explore Microsoft products Windows 11 apps Account profile Download Center Microsoft Store support Returns Order tracking Certified Refurbished Microsoft Store Promise Flexible Payments Microsoft in education Devices for education Microsoft Teams for Education Microsoft 365 Education How to buy for your school Educator training and development Deals for students and parents AI for education
Microsoft AI Microsoft Security Dynamics 365 Microsoft 365 Microsoft Power Platform Microsoft Teams Microsoft 365 Copilot Small Business Azure Microsoft Developer Microsoft Learn Support for AI marketplace apps Microsoft Tech Community Microsoft Marketplace Marketplace Rewards Visual Studio Careers About Microsoft Company news Privacy at Microsoft Investors Diversity and inclusion Accessibility Sustainability
English (United States)
Your Privacy Choices Opt-Out Icon Your Privacy Choices
Consumer Health Privacy Sitemap Contact Microsoft Privacy Manage cookies Terms of use Trademarks Safety & eco Recycling About our ads