Microsoft has awarded $13.6 million to security researchers under it bug bounty program in the past 12 months alone.
The tech giant, which runs a number of technology-specific programs under the umbrella of its coordinated vulnerability disclosure (CVD) program, revealed the figure in a blog post.
Its single highest reward was $200k, which was handed out for the discovery of vulnerabilities in its Hyper V program.
Microsoft also revealed that in the past year, security researchers netted an average of $10k per report.
Payouts
The rewards were given to more than 340 security researchers across 58 countries, said Microsoft, adding that 1,200 of the reports it received were eligible for a payout.
Microsoft said the sheer volume of reports reflects the “talent and creativity of the global security research community and their invaluable partnership in addressing the challenges of a constantly changing security environment”.
The company also said that it is “constantly evaluating” the threat landscape in order to makes changes to the program and respond accordingly.
“This year, we introduced new challenges and scenarios to award research focused on the highest impact to customer security,” said Microsoft.
“These focus areas helped us not only discover and fix risks to customer privacy and security, but also offer researchers top awards for their high-impact work.”
