Sunday, May 18, 2025
HomeBug BountyBug Bounty Program: Microsoft Rewarded $13.8M for 345 Security Researches

Bug Bounty Program: Microsoft Rewarded $13.8M for 345 Security Researches

Published on

SIEM as a Service

Follow Us on Google News

Microsoft Bug Bounty Program awarded $13.8M for their collaboration with over 345 security researchers from +45 countries around the world between July 01, 2023, to June 30, 2023.

Bug Bounty Programs authorize independent security experts to report bugs to a company in exchange for rewards or compensation. 

These bugs can include security exploits, vulnerabilities, process issues, hardware flaws, etc. It is also known as a vulnerability rewards program (VRP).

- Advertisement - Google News

Bug bounty programs allow companies to leverage the hacker community to improve their systems’ security posture over time.

Larger companies, including Apple, use bug bounty programs as a part of their security program.

These programs have access to a larger number of hackers or testers, thereby increasing the chances of finding bugs before malicious hackers attempt to exploit them.

The bounty programs are spread across cloud, platform, and Defense & Grant programs such as Microsoft Azure, Xbox, Microsoft Dynamics 365 and Power Platform, M65, and more.

Each program has its own scope, eligibility criteria, award range, and submission guidelines.

Bug Bounty Program in the Past 12 Months

  • Intune Bug Bounty research invitation challenge July 2022
  • New high-impact research scenarios added to the Microsoft 365 Insider Builds on Windows Bounty Program January 2023
  • Microsoft Teams Preview Bug Bounty research invitation challenge January 2023
  • New Bing Bug Bounty research invitation challenge March 2023
  • New severity classification for Online Services added to the Microsoft 365 Bounty Program April 2023
  • New scope added to the Identity Bounty Program June 2023
  • Secure boot research scenarios added to Windows Insider Preview Bounty Program July 2023

“In the coming year, we will continue to improve our programs based on your feedback. We appreciate our global security research community for their ongoing partnership and for sharing their expertise to help secure millions of Microsoft customers.

We look forward to strengthening our existing relationships and building new ones”, said the Microsoft Bug Bounty Team.

Keep informed about the latest Cyber Security News by following us on GoogleNews, Linkedin, Twitter, and Facebook.

Latest articles

VMware ESXi, Firefox, Red Hat Linux & SharePoint Hacked – Pwn2Own Day 2

Security researchers demonstrated their prowess on the second day of Pwn2Own Berlin 2025, discovering...

Critical WordPress Plugin Flaw Puts Over 10,000 Sites of Cyberattack

A serious security flaw affecting the Eventin plugin, a popular event management solution for...

Sophisticated NPM Attack Leverages Google Calendar2 for Advanced Communication

A startling discovery in the npm ecosystem has revealed a highly sophisticated malware campaign...

New Ransomware Attack Targets Elon Musk Supporters Using PowerShell to Deploy Payloads

A newly identified ransomware campaign has emerged, seemingly targeting supporters of Elon Musk through...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

VMware ESXi, Firefox, Red Hat Linux & SharePoint Hacked – Pwn2Own Day 2

Security researchers demonstrated their prowess on the second day of Pwn2Own Berlin 2025, discovering...

Critical WordPress Plugin Flaw Puts Over 10,000 Sites of Cyberattack

A serious security flaw affecting the Eventin plugin, a popular event management solution for...

Sophisticated NPM Attack Leverages Google Calendar2 for Advanced Communication

A startling discovery in the npm ecosystem has revealed a highly sophisticated malware campaign...