Microsoft has handed out US$13.7 million in “bounty” to a global army of cyber security hackers for uncovering bugs.
Paid over the last 12 months, the figure is more than three times the US$4.4 million the technology giant awarded over the same period last year.
During this year, Microsoft launched six new bounty programs and two new research grants, which it claims attracted more than 1,000 eligible reports from over 300 researchers across six continents.
Microsoft has 15 bounty programs in total and said it saw strong researcher engagement and higher report volume during the first several months of the COVID-19 pandemic.
“The security landscape is constantly changing with emerging technology and new threats. By discovering and reporting vulnerabilities to Microsoft through Coordinated Vulnerability Disclosure (CVD), security researchers have continued to help us secure millions of customers,” the vendor said in a blog post.
Widely used by technology vendors, including Atalassian, bug bounty platforms connect security researchers with organisations wanting extra scrutiny. In exchange for reporting a security flaw, the researcher receives payment (a bounty).
Earlier this year, Microsoft called on security research community to help identify and fix high impact vulnerabilities in its Azure Sphere internet of things (IoT) security solution, which has been released into general availability.