Microsoft's Bug Bounty Program Will Pay Players To Find Security Flaws In Xbox Live

Xbox Live has never suffered a major hack, and Microsoft would like to keep it that way, in part by rewarding people who report vulnerabilities in the gaming network with cash.

“The Xbox Bounty Program invites gamers, security researchers, and others around the world to help identify security vulnerabilities in the Xbox Live network and services and share them with the Xbox team,” the company stated yesterday on the new program’s launch page. “Qualified submissions are eligible for bounty rewards of $500 to $20,000 USD.”

To be eligible for the rewards, submissions will need to meet two criteria. First, the reported vulnerability needs to be original and reproducible in the latest version of Xbox Live. Second, it needs to include a clear guide for how Xbox Live network engineers can replicate the issue.

More severe issues, like being able to remotely execute code, have the potential to net the largest payouts, while issues related to general tampering or the disclosure of network information are on the lower end. Interestingly, the quality of the report has a huge impact on the reward, with “low quality” ones cutting potential prizes in half. In other words, don’t turn in sloppy homework.

While this is the first time Microsoft has rolled out a bug bounty for Xbox Live, The Verge reports the company’s had one in place for Windows since 2017. Other video game companies like Valve and Rockstar Games also have similar programs, as do the other console manufacturers.

Nintendo’s maximum payout for its bounty program is also $20,000, although no one has yet collected that much. Sony, on the other hand, only gives out t-shirts that say “Secure@Sony Finder” on them. Notably, it was Sony’s PlayStation Network that went down for 23 days after the service was hacked in 2011.

Kotaku staff writer. You can reach him at ethan.gach@kotaku.com

DISCUSSION

legionninja
techinsanity2011

I’d give any amount of money if they could figure out a way for people to “turn themselves in” when they inadvertently break the rules of XBL. I don’t know how many times I’ve done something that broke the rules but haven’t had any action taken. All I know is that if I had a nickel for how many times it has happened, I’d be rich.