Microsoft has just launched a bug bounty program for its Xbox, and it is ready to pay up to $20,000 for some of the most serious vulnerabilities that participants may uncover.
Yesterday, Microsoft announced the official launch of a new bug bounty program, aiming to rid its Xbox gaming platform of all flaws, bugs, and vulnerabilities that can be found. The company announced that anyone is allowed to join and submit vulnerabilities, be they a trained security expert or a gamer.
In return for previously unknown flaws, the company stated that it plans to pay between $500 and $20,000 per reported bug, depending on the severity and impact of the vulnerability, as well as the quality of the submission.
Microsoft Security Response Center’s Program Manager, Chloe Brown, stated that submissions need to include a clear and concise proof of concept (PoC) in order to be considered eligible. In other words, anyone reporting a bug needs to be able to show its impact and let the Xbox team reproduce the flaw before fixing it.
The bug bounty program will focus on any vulnerability that hackers and security experts can find in the Xbox Live network and services, including the cloud backend infrastructure. However, according to the program, there will be some restrictions as well.
For example, Microsoft will not allow the participation of anyone who attempts to social engineer or phish Xbox engineers and users. The discovery of any such behavior will lead to automatic disqualification. The same is true for anyone who tries to download or access sensitive Xbox user data, or who tries to move beyond the minimum access needed to prove the existence of the flaw.
The bug bounty program is likely to see quite a few flaws found, considering that the Xbox platform has been around for almost 8 full years now, and this is the first time that it will be the subject of a bug hunt. Previously, Microsoft organized multiple bug bounties, although they focused only on the Windows OS, the Office suite, Edge, and its predecessor, the IE browser.