Thursday, May 1, 2025
HomeBug BountyBug Bounty Program: Microsoft Rewarded $13.8M for 345 Security Researches

Bug Bounty Program: Microsoft Rewarded $13.8M for 345 Security Researches

Published on

SIEM as a Service

Follow Us on Google News

Microsoft Bug Bounty Program awarded $13.8M for their collaboration with over 345 security researchers from +45 countries around the world between July 01, 2023, to June 30, 2023.

Bug Bounty Programs authorize independent security experts to report bugs to a company in exchange for rewards or compensation. 

These bugs can include security exploits, vulnerabilities, process issues, hardware flaws, etc. It is also known as a vulnerability rewards program (VRP).

- Advertisement - Google News

Bug bounty programs allow companies to leverage the hacker community to improve their systems’ security posture over time.

Larger companies, including Apple, use bug bounty programs as a part of their security program.

These programs have access to a larger number of hackers or testers, thereby increasing the chances of finding bugs before malicious hackers attempt to exploit them.

The bounty programs are spread across cloud, platform, and Defense & Grant programs such as Microsoft Azure, Xbox, Microsoft Dynamics 365 and Power Platform, M65, and more.

Each program has its own scope, eligibility criteria, award range, and submission guidelines.

Bug Bounty Program in the Past 12 Months

  • Intune Bug Bounty research invitation challenge July 2022
  • New high-impact research scenarios added to the Microsoft 365 Insider Builds on Windows Bounty Program January 2023
  • Microsoft Teams Preview Bug Bounty research invitation challenge January 2023
  • New Bing Bug Bounty research invitation challenge March 2023
  • New severity classification for Online Services added to the Microsoft 365 Bounty Program April 2023
  • New scope added to the Identity Bounty Program June 2023
  • Secure boot research scenarios added to Windows Insider Preview Bounty Program July 2023

“In the coming year, we will continue to improve our programs based on your feedback. We appreciate our global security research community for their ongoing partnership and for sharing their expertise to help secure millions of Microsoft customers.

We look forward to strengthening our existing relationships and building new ones”, said the Microsoft Bug Bounty Team.

Keep informed about the latest Cyber Security News by following us on GoogleNews, Linkedin, Twitter, and Facebook.

Latest articles

Netgear EX6200 Flaw Enables Remote Access and Data Theft

Security researchers have disclosed three critical vulnerabilities in the Netgear EX6200 Wi-Fi range extender...

Tesla Model 3 VCSEC Vulnerability Lets Hackers Run Arbitrary Code

A high security flaw in Tesla’s Model 3 vehicles, disclosed at the 2025 Pwn2Own...

Quantum Computing and Cybersecurity – What CISOs Need to Know Now

As quantum computing transitions from theoretical research to practical application, Chief Information Security Officers...

Apache ActiveMQ Vulnerability Lets Remote Hackers Execute Arbitrary Code

A high vulnerability in Apache ActiveMQ’s .NET Message Service (NMS) library has been uncovered,...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Netgear EX6200 Flaw Enables Remote Access and Data Theft

Security researchers have disclosed three critical vulnerabilities in the Netgear EX6200 Wi-Fi range extender...

Tesla Model 3 VCSEC Vulnerability Lets Hackers Run Arbitrary Code

A high security flaw in Tesla’s Model 3 vehicles, disclosed at the 2025 Pwn2Own...

Apache ActiveMQ Vulnerability Lets Remote Hackers Execute Arbitrary Code

A high vulnerability in Apache ActiveMQ’s .NET Message Service (NMS) library has been uncovered,...