Microsoft has announced an official bug bounty program for its Xbox gaming platform. Starting today, the company will pay anywhere from $500 to $20,000 to developers who discover vulnerabilities in Xbox Live and services.
The program is open to developers all around the world, regardless of whether they are gamers or trained security experts. The company has also said that payouts can be higher if someone submits a very high-impact report and vulnerability.
According to Chloé Brown, Program Manager at the Microsoft Security Response Center (MSRC), every report should have a clear and concise proof of concept since this proof will be needed to demonstrate the bug’s impact. It will also help the Xbox team reproduce the vulnerability before fixing the reported issue.
The announcement says that the biggest payouts will be given for elevation of privilege flaws as well as critical remote code execution, while security feature bypass, information disclosure, spoofing, and tampering vulnerabilities will be eligible for payouts of as much as $5,000. The company is clearly expecting high-quality reports pointing to major flaws in the system. It is not asking developers, gamers and security engineers to perform DDoS testing and social engineering attacks.
Over the years, Microsoft has run bug bounty programs for a number of its services and has given out payouts as high as $250,000 for Windows 10 security bugs. This new bounty program has been launched just as the company is preparing the Xbox Series X console and xCloud game streaming service.