Microsoft is launching a brand new Xbox Bounty Program to reward players, security researchers, and anybody else who discovers security vulnerabilities within the Xbox Live network and services. Bounty rewards will range from $500 up to $20,000, and Microsoft notes there may even be higher payouts depending on the quality of the report and the vulnerability impact.
The largest payouts can be handed out for critical remote code execution and elevation of privilege flaws, while security feature bypasses, information disclosure, spoofing, and tampering will all include rewards up to $5,000. As Microsoft is opening this up to players and anybody who has the skills to find flaws, it's expecting high-quality reports with a detailed write-up or video demonstration, and a clear proof of concept. Microsoft isn't looking for people to perform DDoS testing, social engineering attacks, or going too far on server-side execution issues.
Microsoft has run bug bounty programs for many of its products over the years, including payouts of up to $250,000 for Windows 10 security bugs. This new Xbox Bounty Program comes just as Microsoft prepares to launch its Xbox Series X console and xCloud game streaming service. Both will operate on the Xbox Live network. Sony and Nintendo also accept security bug reports, with Nintendo rewarding up to $20,000 and Sony only providing a t-shirt as recognition.
Microsoft explains that high-quality reports include "information necessary for an engineer to quickly reproduce, understand, and fix the issue." These could include a concise write-up or a video, a description, and attached proof of concept.
Bounty programs like this aren't new for Microsoft. Microsoft had a bug bounty program for vulnerabilities like Meltdown and Spectre in 2018 and has similar programs for other technologies. Bounty programs allow Microsoft to combine its own internal testing with the knowledge and fresh set of eyes that the public provides.