Microsoft’s bug bounty program celebrated its tenth birthday this year, and has paid out $63 million to security researchers in that first decade – with $60 million awarded to bug hunters in the past five years alone, according to Redmond.
While these days, the vulnerability disclosure and reward program seems like a no-brainer for a huge software concern, ten years ago “the bug bounty initiative was not free from internal resistance,” recalled Aanchal Gupta, Microsoft corporate VP and deputy CISO.