Microsoft recently admitted that it paid around $4.4 million to hackers as bug bounties in the past 12 months. The technology giant confirmed this at the Black Hat 2019 security event in Las Vegas.
Most large organizations run bug bounty programs to find potential vulnerabilities in their systems so that they can be fixed before attackers exploit them. The bounties offer financial rewards to hackers for finding technical flaws, making it a win-win situation for both.
But Microsoft is not the first big tech company to offer bug bounties.
Recently, Google announced an increase in bug bounty rewards, making them more lucrative to security researchers. The company stated that it has raised the bounties for Chrome and Google Play bugs.
Google launched its vulnerability rewards program in 2010 and provides cash rewards to security researchers who report vulnerabilities in Google code. The company stated that it has received around 8,500 vulnerability reports and paid over $5 million (£4 million) in rewards.
According to Google’s Chrome security experts Natasha Pabrai and Andrew Whalley, the company has doubled the maximum reward for high-quality reports from $15,000 (£12,000) to $30,000 (£24,000) and tripled the baseline reward amount from $5,000 (£4,000) to $15,000 (£12,000) for good measure.
“Today, we’re delighted to announce an across the board increase in our reward amounts! Full details can be found on our program rules page, but highlights include tripling the maximum baseline reward amount from $5,000 to $15,000 and doubling the maximum reward amount for high-quality reports from $15,000 to $30,000. The additional bonus given to bugs found by fuzzers running under Chrome Fuzzer Program is also doubling to $1,000,” Google said in an official post.