New ‘Xbox Bounty’ program to award up to $20,000 for security flaws
Microsoft announced the Xbox Bounty program today. The program aims to find security vulnerabilities within the Xbox network. People can earn rewards between $500 and $20,000 for finding and documenting vulnerabilities. Microsoft outlines the new program in a blog post.
In the program’s announcement post, Microsoft “invites gamers, security researchers, and technologists around the world to help identify security vulnerabilities in the Xbox network and services.”
The program’s page breaks down what constitutes an eligible submission and what rewards people will receive for finding different vulnerabilities. For example, reporting a spoofing attack could lead to a reward of up to $5,000, and reporting a remote code execution exploit could lead to a reward between $10,000 and $20,000.
Microsoft explains that high-quality reports include “information necessary for an engineer to quickly reproduce, understand, and fix the issue.” These could include a concise write-up or a video, a description, and attached proof of concept.
Bounty programs like this aren’t new for Microsoft. Microsoft had a bug bounty program for vulnerabilities like Meltdown and Spectre in 2018 and has similar programs for other technologies. Bounty programs allow Microsoft to combine its own internal testing with the knowledge and fresh set of eyes that the public provides.
Still the one
Xbox One S
Xbox One S scores for gamers and streamers.
The Xbox One S is a sleek and convenient way to get into console gaming and 4K media streaming. It has a 4K UHD Blu-ray player and support for the latest Xbox titles.