Microsoft is prepared to pay gamers up to $20,000 to find vulnerabilities in the Xbox Live network via the newly launched Bounty Program.
Microsoft is prepared to pay gamers up to $20,000 to hack the Xbox Live network. The Xbox Bounty program, which launched yesterday, asks ‘gamers, security researchers, and others around the world’ to go to town on the Xbox online ecosystem in search of security vulnerabilities.
Microsoft explains that it will reward bounties of $500 to $20,000 for successful submissions. These waver based on the severity of the vulnerability and the quality of the submission.
Those that unearth multiple vulnerabilities may also be eligible for multiple rewards. Microsoft hasn’t imposed a limit to the number of bounties a participant can receive.
Microsoft notes that not all submissions are eligible for a reward, though, even if they lead to a fix. The tech giant says that in such cases, participants may, instead, receive a public acknowledgment.
The submission process ask participants to do the following;
Identify a previously unreported vulnerability that reproduces in our latest, fully patched version of Xbox Live network and services at the time of submission.
Include clear, concise, and reproducible steps, either in writing or in video format.
We advise interested parties to visit the official Xbox Bounty Program website (Microsoft) for the full list of rules governing testing and the submission process. These are strict, presumably to weed out opportunists eager to make a quick buck.
Only a limited number of vulnerabilities are what Microsoft calls ‘in-scope.’ For example, the program prohibits Denial of Service attacks, phishing, and accessing customer data. Additionally, Microsoft will only dish out the most substantial bounties to high-quality reports that include a proof of concept.
In a press release published in tandem with the launch of the Xbox Bounty Program (Microsoft), Microsoft explains;
The bounty program supplements our existing investments in security development and testing to uncover and remediate vulnerabilities which have a direct and demonstrable impact on the security of Xbox customers.
There’s no cut-off date for submissions to the Xbox Bounty Program according to the details shared by Microsoft. Whether the program continue to run when the Xbox Series X hit later this year is unclear.