Microsoft is handing out up to $20,000 to security researchers who can unearth vulnerabilities in Xbox.
The Windows-maker announced it’s launching a bounty program specifically for its gaming console. To be eligible for a reward, researchers must identify a flaw in the Xbox Live networks and services which can be reproduced in the “latest, fully patched” version of the platform.
“Bounties will be awarded at Microsoft’s discretion based on the severity and impact of the vulnerability and the quality of the submission [sic],” the announcement reads. Of course, you’ll also have to satisfy the program’s terms and conditions.
Currently, bounties range between $500 and $20,000, but Microsoft says higher rewards aren’t out of the question. For instance, catching a critical remote code execution flaw will earn you anything between $10,000 and $20,000, based on the quality of your report.
“A high-quality report provides the information necessary for an engineer to quickly reproduce, understand, and fix the issue,” Microsoft explains. “This typically includes a concise write up or video containing any required background information, a description of the bug, and an attached proof of concept (PoC).”
If you were hoping that identifying shortcomings in the platform could be your ticket to a free console or an Xbox Live subscription, you’re out of luck. “[C]onsoles will not be provided for testing purposes,” the announcement clarifies. The same goes for paid accounts.
Hunting for bug bounties can be a lucrative business. Google revealed that last year alone it dished out over $6 million in prize money across its line of products. Considering Microsoft has no ceiling on the number of qualified reports a researcher can submit, that could mean a hefty payday.
Published January 31, 2020 — 12:21 UTC