Microsoft to pay cash bounties on Xbox bugs

(Image credit: Micosoft)

Microsoft has announced the launch of an official bug bounty program for Xbox in an effort to improve the gaming platform's network and services.

The software giant has said that it will pay anywhere from $500 to $20,000 for vulnerabilities discovered in the platform's online service Xbox Live.

While security researchers typically have the most to gain from bug bounty programs, Microsoft has said that anyone, regardless of their position, can submit vulnerabilities to its new program.

In a blog post announcing the Xbox Bounty program, program manager at the Microsoft Security Response Center (MSRC), Chloé Brown explained that to be eligible, submissions will require a proof of concept (POC) that is easily understandable, saying: 

“The Xbox bounty program invites gamers, security researchers, and technologists around the world to help identify security vulnerabilities in the Xbox network and services, and share them with the Microsoft Xbox team through Coordinated Vulnerability Disclosure (CVD). Eligible submissions with a clear and concise proof of concept (POC) are eligible for awards up to US$20,000.”

Xbox Bounty program

Microsoft's latest bug bounty program will cover the Xbox Live cloud backend infrastructure and vulnerabilities that allow for remote code execution will have the highest payouts at up to $20,000. Escalation of privilege flaws can earn security researchers up to $8,000 and flaws that allow a user to bypass security features are worth $5,000.

The new Xbox Bounty program also comes with some restrictions. For instance, Microsoft will prohibit and automatically disqualify anyone who attempts to phish or social engineer Xbox users and engineers while searching for bugs as well as anyone who moves laterally inside the Xbox network beyond what is needed to prove a vulnerability's impact. Downloading or accessing sensitive Xbox user data is also prohibited under the program's rules.

The Xbox platform was first announced at E3 before it was released in October of 2012. A year later, Microsoft created its first bug bounty program but it only applied to Windows and the company's other software.

The Xbox Bounty program is a win for Microsoft as well as for consumers who will benefit from a smoother and more secure online experience while playing games on the company's consoles.

Via ZDNet

Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.