BOOK THIS SPACE FOR AD
ARTICLE ADJohn Leyden 05 August 2020 at 12:10 UTC
Lockdown resulted in surge in reports, says software giant
Microsoft has awarded $13.7 million in bug bounties over the last year, more than three times the $4.4 million earned by security researchers over the preceding 12-month period.
A year-in-review report from Microsoft, published on Tuesday (August 4), reveals that the spoils from the discovery of vulnerabilities in the company’s technology were split between 327 researchers.
Redmond said that over the last 12 months it had launched six new bug bounty programs that attracted more than 1,000 eligible reports. Microsoft is running a total of 15 eligible programs.
RECOMMENDED Black Hat USA: Your guide to the top web hacking sessions in 2020
New bug bounty programs include the Azure Security Lab, Microsoft Edge on Chromium Bounty Program, and the Election Guard Bounty Program. On the consumer front, Microsoft also launched an Xbox Bounty Program.
The enterprise software firm also launched two new research grants, including an Identity Research Grant. With an eye to the future, Microsoft is also bolstering its research efforts into machine learning and artificial intelligence.
Covid-19 catalyst
With much of the world forced into lockdown in response to the coronavirus pandemic, researchers have upped the ante in their hunt for bugs in Microsoft’s technology.
“Covid-19 social distancing appears to have had an impact on security researcher activity; across all 15 of our bounty programs we saw strong researcher engagement and higher report volume during the first several months of the pandemic,” a blog post by Microsoft explains.
Katie Moussouris, the security researcher who established Microsoft’s bug bounty program back in 2013 before founding Luta Security, expressed reservations about the extent to which higher bug bounty payouts will improve security for Microsoft.
“I worry about perverse incentives creeping into bounties as prices soar, making recruitment & retention of in-house preventers of bugs more expensive,” Moussouris said in an update on Twitter.
“ROI is higher in internal investment than bounty,” she added.
READ MORE Bug Bounty Radar // July 2020