Microsoft will pay up to $20,000 to people who find problems with Xbox Live as part of new bug bounty programme

Microsoft has launched a new programme that will pay up to $20,000 to people who find problems with Xbox Live.

The Xbox bounty programme aims to identify security vulnerabilities in the online gaming service so they can be fixed. It will do so by offering an incentive to people who find them and inform Microsoft, rather than exploiting them themselves.

The biggest payouts will go to gamers and security researchers who find issues that could be exploited in the most damaging ways, such as those that allow hackers access to the central parts of the Xbox. Those who find smaller bugs may only receive $500.

The launch of the Xbox bounty programme comes as Microsoft gears up for the launch of Xbox One X and the xCloud online streaming service. Both of those will be run on Xbox Live, and so the bounty programme will continue as those new consoles and services launch.

Unlike some other bug bounty programmes, Microsoft is explicitly targeting “gamers” and asking them to see if they can find issues. As such, the company is asking for detailed submissions from anyone trying to score the $20,000.

Anyone reporting a bug will have to send a “a clear and concise proof of concept”, such as a video demonstrating the issue and how it can be exploited.

Microsoft will continue to work to find bugs on its own, as it has until now, it said.

“The bounty program supplements our existing investments in security development and testing to uncover and remediate vulnerabilities which have a direct and demonstrable impact on the security of Xbox customers,” wrote Chloé Brown from Microsoft’s security team.

“Public bounty programmes are a valuable approach which combine with ongoing internal testing, private programs and knowledge shared by partners to produce a secure ecosystem to play in.”


READ  Coronavirus UK: Why do people think 5G is responsible for the Covid-19 pandemic?


Please enter your comment!
Please enter your name here