Finding bugs at Microsoft: It paid $13 million in one year
You won’t get rich very quickly, but if you have a great interest in computers, programming languages and little need for sleep, then you can consider becoming a bug hunter as a hobby. You will look for weaknesses in the software of well-known companies, which will reward you considerably if you find something.
Bug Bounty Programs
Of course, this is not an easy task, because large companies all employ ethical hackers. They spend all day trying, for a good cause, to hack into the systems of those companies. All to make sure that malicious hackers don’t run off with customer data, company secrets or large sums of money.
In addition to companies that employ their own hackers, there are other initiatives that try to keep malicious people out. These are called bug bounty programs. A bug is a vulnerability or flaw in software, and a bounty is not a chocolate bar with coconut, but a reward. Just like a cowboy used to look, wanted poster in hand, for people whom the sheriff wanted dead or alive, hackers set to work with the promise of big money.
Microsoft has a well-known bug bounty program. Hackers know how to find the company, not only by actually hacking into Outlook as they did earlier this year, but also by hacking something and notifying Microsoft. They do so not only out of the goodness of their hearts, but also because hefty sums are sometimes paid out to thank hackers for their hard work.
From July 2020 to June 2021, Microsoft paid out a whopping $13.6 million to people who found a bug. 341 ‘researchers’ were rewarded. On average, a researcher received more than $10,000 per bug. The highest reward paid out was $200,000.
It is a large amount, and that matters, because the number of attacks has grown enormously, partly due to the coronavirus. Still, Microsoft hasn’t necessarily spent more on bug bounty programs. It even spent $100,000 less. There were also fewer researchers who received a reward, so the amount per person was higher.