Between July 1, 2020, and June 30, 2021, Microsoft paid out $13.6 million to researchers who discovered vulnerabilities in the company’s programs and products. The biggest single reward paid out for a report (from a total pool of 1,261 eligible reports) was $200,000. As you might imagine, Microsoft is very grateful to everyone who saved it from potentially embarrassing incidents.
You can read the full bug bounty program year-in-review writeup over at Microsoft’s Security Response Center, though the aforementioned items are the major takeaways from its report (via ZDNet). And if you want a shot at making some bank yourself, check out Microsoft’s bounty program page, where you can submit security vulnerabilities you’ve detected in the hopes of collecting a sweet, sweet paycheck from Microsoft.
Take, for example, Microsoft’s maximum payout for Xbox. If you detect a bug with Xbox Live, you can earn up to $20,000 from Microsoft as a reward! Never mind the fact that some guy who also detected an Xbox-related bug and chose not to report it ended up making $10 million off his discovery. If you do the right thing (as determined by most countries’ legal systems and societal morals), it might make you less money, but you’ll at least avoid going to prison and getting deported. Do svidaniya, Volodymyr Kvashuk.
In all seriousness, the payouts may seem small relative to the number of headaches a bug hunter is possibly sparing Microsoft. If you’ve been following the PrintNightmare issue, it’s not hard to imagine what the company would give to have avoided that situation entirely. Now consider the idea of saving the company’s Azure infrastructure for a maximum reward of $40,000 or Windows 11 for $200,000.
Alternatively, you can do all of this bug bashing in the pursuit of badges and achievements.