Microsoft has announced the beginning of its Xbox Bounty Program, which rewards players for helping find and fix major security flaws in its systems.
Microsoft always says it takes its security seriously, and now the company has confidently stated it will begin paying players to hack their Xbox One systems. Bug bounties, as they are often called, are a popular way for companies to easily find flaws in their software and hardware, with actual users doing all the hard work for them. This allows companies to save money on researching issues while still getting the job done with the help of people who use the products on a regular basis. Rewards for finding problems vary based on the severity of the issue, the company, and many other factors – but Xbox One players can buy a lot of games with what Microsoft is offering.
Many companies offer rewards, at times hefty ones, for catching major bugs or security vulnerabilities in websites, video games, and more. Nintendo, for instance, offers up to $20,000 for catching flaws in its systems and games, and Verizon paid hackers $5 million in 2018 alone. The U.S. Department of Defense saved itself $850,000 that would have otherwise been spent on a security audit in 2016 after hackers helped catch 138 major vulnerabilities in exchange for a $150,000 payout. Sony, whose PSN network was down due to serious security flaws in 2011, offers hackers some profile swag and a t-shirt.
The Verge reports, along with the previous Nintendo and Sony statistics, that Microsoft has now announced a new Xbox Bounty Program, which rewards hackers for detecting issues with payouts from as little as $500 to as much as $20,000, depending on how critical the issue at hand is and how thorough the filed report is. While some submissions are ineligible for financial rewards, Microsoft says the hacker’s hard work may still be acknowledged in some way if the report leads to a fix.
This program is open to anyone who possesses the necessary bug-hunting talents to help Microsoft identify and fix issues. The person who finds these issues will need to submit their report with a write-up or a demonstration of the issue. Microsoft aims to target remote code execution, spoofing, elevation of privilege, and other major flaws rather than DDoS attacks – the sort of attack that brought Sony to its knees in 2011 – or social engineering attacks. The company also offers up to $250,000 for exposing Windows 10 security issues.
Microsoft’s generous bug bounty program, unlike Sony’s t-shirt giveaway, shows the company is serious about keeping players from experiencing or exploiting major issues. Microsoft is moving into cloud gaming and planning the launch of a new Xbox system, and this program will help ensure both are as safe from tampering as they should be.