August 6, 2024 at 11:30AM
Samsung has paid nearly $5 million through its bug bounty program since 2017, with $828,000 disbursed in 2023. 113 researchers received rewards in 2023 for reporting vulnerabilities in Galaxy mobile devices. The highest single reward of over $57,000 went to TASZK Security Labs. Samsung also increased the maximum reward to $1 million and introduced bonus rewards for high-quality reports.
From the meeting notes, it appears that both Samsung and Microsoft have been actively involved in their bug bounty programs. Samsung has paid out nearly $5 million since 2017, with $828,000 in 2023. The company rewarded 113 researchers in 2023, with the highest single reward, exceeding $57,000, given to TASZK Security Labs. Samsung has also announced bonus rewards for high-quality vulnerability reports, increasing the maximum reward to $1 million. The company specified different reward amounts for various types of exploits, all part of Samsung’s Important Scenario Vulnerability Program.
On the other hand, Microsoft has paid out roughly $16.6 million over the past year, bringing the total awarded since 2018 to $75.5 million.
It seems that both companies are actively encouraging security researchers to responsibly disclose vulnerabilities and rewarding them generously for doing so.