Microsoft paid more than $28,000 in rewards to researchers for its first bug bounty program, a one-month special it ran during the summer for the preview version of Internet Explorer 11.
From Computerworld:
While Microsoft trumpeted the amount, it was actually only $1,000 more than Google paid outside researchers last week for reporting flaws in the latest version of the search company's Chrome browser, and about 10% of what Google has forked over so far this year to security researchers. "The amount of money really only matters if their offer was way off base from other programs," said Andrew Storms, director of DevOps at cloud security vendor CloudPassage. "They [only] have to pay enough to entice people to report the bugs. On the other hand, those people who are more prone to sell their vulnerabilities on the black market are still going to do so."
Microsoft pays out $28K to IE bug hunters in its first-ever bounty program