Microsoft's bug bounty turns 10. Are these kinds of rewards making code more secure? (Security News, November 2023)
Interview: Microsoft's bug bounty program celebrated its tenth birthday this year and has paid out $63 million to security researchers in that first decade, $60 million of it to bug hunters in the past five years alone, according to Redmond.
She credited Katie Moussouris, who played a key role in convincing Redmond's top brass that Microsoft needed a bug bounty program - despite execs vowing never to pay researchers for bugs.
Once Microsoft started a bug bounty program, the Pentagon took note.
To make software and hardware products more secure, Moussouris wants to see a "concrete feedback loop," with bug bounty learnings feeding back into organizations' secure development lifecycles.
"There has to be things like: did we reduce or eliminate classes of vulnerabilities? That's a metric that would show you are connecting the dots between the bug bounty program and your secure development lifecycle," Moussouris explained.
"Attacks are on the rise. That's not going to change. How are you using your bug bounty program to shape your live incident response and make it more efficient?"
News URL: https://go.theregister.com/feed/www.theregister.com/2023/11/22/microsofts_bug_bounty_moussouris/