
This article was published on January 31, 2020

Microsoft is offering up to $20,000 to researchers who find bugs in Xbox

The bounties start from $500



Microsoft is handing out up to $20,000 to security researchers who can unearth vulnerabilities in Xbox.

The Windows-maker announced it’s launching a bounty program specifically for its gaming console. To be eligible for a reward, researchers must identify a flaw in the Xbox Live networks and services which can be reproduced in the “latest, fully patched” version of the platform.

“Bounties will be awarded at Microsoft’s discretion based on the severity and impact of the vulnerability and the quality of the submission [sic],” the announcement reads. Of course, you’ll also have to satisfy the program’s terms and conditions.


Currently, bounties range between $500 and $20,000, but Microsoft says higher rewards aren’t out of the question. For instance, catching a critical remote code execution flaw will earn you anything between $10,000 and $20,000, based on the quality of your report.


“A high-quality report provides the information necessary for an engineer to quickly reproduce, understand, and fix the issue,” Microsoft explains. “This typically includes a concise write up or video containing any required background information, a description of the bug, and an attached proof of concept (PoC).”

In case you were hoping identifying shortcomings in the platform could be your ticket to a free console or an Xbox Live subscription, you’re out of luck. “[C]onsoles will not be provided for testing purposes,” the announcement clarifies. The same goes for paid accounts.

Hunting for bug bounties can be a lucrative business. Google revealed that last year alone it dished out over $6 million in prize money across its line of products. Considering Microsoft has no ceiling on the number of qualified reports a researcher can submit, that could mean a hefty payday.

Those interested in a deeper look at the full terms and conditions can head to this page.
