Microsoft has awarded security researchers $13.7 million for reporting software bugs since July 2019, which is triple the $4.4 million payments for the previous year, and double Google's 2019 payouts.
Vulnerabilities reported to software vendors via bug-bounty programs can help reduce zero-day exploits, which can compromise systems before a vendor releases a patch. The Google Project Zero bug-hunting squad said Microsoft's extra payouts could be warranted, as Microsoft software hosted four of 11 zero-day vulnerabilities exploited in the wild in the first half of 2020. These included an Internet Explorer flaw patched in February, and three Windows memory-corruption bugs that were exploited before patches were issued.
Microsoft said it raised payouts because it launched six new bounty programs and two new research grants, which drew more than 1,000 eligible reports from over 300 researchers. The company also suggested that pandemic-related social distancing sparked increased security research.
View Full Article
Abstracts Copyright © 2020 SmithBucklin, Washington, DC, USA