Microsoft to pay cash bounties on Xbox bugs

Xbox Series X

Xbox Series X

While this is the first time Microsoft has rolled out a bug bounty for Xbox Live, The Verge reports the company's had one in place for Windows since 2017.

Xbox Live has never suffered a major hack, and Microsoft would like to keep it that way, in part by rewarding people who report vulnerabilities in the gaming network with cash. And while the program covers quite a few different types of vulnerabilities, some things are out of scope, such as DDoS issues and URL Redirects.

According to Chloé Brown, Program Manager at the Microsoft Security Response Center (MSRC), eligible submissions must include "a clear and concise proof of concept (POC)".

The top prize listed to date is reserved for a critical "remote code execution".

While security researchers typically have the most to gain from bug bounty programs, Microsoft has said that anyone, regardless of their position, can submit vulnerabilities to its new program.

The Xbox platform has been around since 2012.

Fox Accused of Scuttling Super Bowl Commercial
PETA is claiming that its numerous requests to run the ad either before or after the game in local FOX markets have been ignored. However, PETA believes otherwise and knows the power & influence of the NFL.

A lot of modern games require a full internet connection to work, with popular titles like Call of Duty, Fortnite and Apex Legends largely based around an online-multiplayer component.

To be eligible for the rewards, submissions will need to meet two criteria.

The Xbox team will reward you based on report quality, and the level of impact the reported vulnerability has.

Microsoft runs similar bug programs for other products, including its suite of cloud services.

The CVD states that the researcher discloses the vulnerability privately to the vendor.

Recommended News

We are pleased to provide this opportunity to share information, experiences and observations about what's in the news.
Some of the comments may be reprinted elsewhere in the site or in the newspaper.
Thank you for taking the time to offer your thoughts.