Microsoft is willing to pay up to $20,000 to persons who report bugs found in Xbox Live's network or services. The company has set up a new Xbox Bounty program which will reward users with cash for pointing vulnerabilities out.
While you could net a cool $20K for a big find, most of the cash rewards will come in the form of $500 sums as the company has its own maintenance people who will likely detect the bigger chinks in the armor. Of course, it's very possible that something really concerning slips through undetected, which is where outside folk come in.
The company's Security Response Center announced the news regarding the Bounty system last week, inviting gamers, security researchers, and basically anyone from anywhere to help with the identification of flaws.
"The Xbox Bounty Program invites gamers, security researchers, and others around the world to help identify security vulnerabilities in Xbox Live's network and services and share them with the Xbox team," it reads. "Qualified submissions are eligible for bounty rewards of $500 to $20,000 USD.
"Bounties will be awarded at Microsoft’s discretion based on the severity and impact of the vulnerability and the quality of the submission, and subject to the Microsoft Bounty Terms and Conditions."
For a submission to be considered eligible, it must point to a previously unreported vulnerability manifesting in the latest full patch of Xbox Live network and services at the point it's submitted. Submissions must be either in writing or video format and must outline reproducible steps clearly.
"The goal of the bug bounty program is to uncover significant vulnerabilities that have a direct and demonstrable impact on the security of Microsoft’s customers."
Bounty awards range from $500 to $20,000 but Microsoft notes that payments could possibly exceed $20K depending on the quality of the report and the potential impact of the vulnerability. Any awards above the $20,000 mark will be at the company's sole discretion.
According to the guidelines, only certain bugs on the list qualify for a payout so, if you're interested, ensure to read the rules carefully. Bug reports that don't warrant a payout could prompt public acknowledgment if they lead to a fix.
Source: Microsoft