Microsoft has launched the Xbox Bounty Program, inviting gamers, security specialists, and anyone else who is willing to help identify security vulnerabilities in the Xbox Live Network to send their findings to the Xbox team. Submissions that meet the eligibility requirements could be awarded anywhere from $500 to $20,000. The size of the reward will be dependant on the extent of the vulnerability that has been found.
The goal of the program is to “uncover significant vulnerabilities that have a direct and demonstrable impact on the security of Microsoft’s customers,” according to the official Microsoft Xbox Bounty Program website.
To be eligible, submissions need to identify previously unreported vulnerabilities in the latest version of the Xbox Live network and services. They will also need to include clear instructions on how to replicate the vulnerability.
The types of vulnerabilities that Microsoft is interested in finding include remote code execution, spoofing, tampering, denial of service, and elevation of privilege. Depending on the severity of the vulnerability, and the bracket it falls into, it could net up to $20,000 for the people who find it.
This is certainly not the first time Microsoft has used crowd-sourced findings to help improve their services, as the company has many active bug bounty programs. With so many customers who work in technical fields, it makes a lot of sense for the company to offer incentives to people who spend a lot of time with their technology to explore it a little further, and possibly find something that provides a more secure service for their fellow gamers.
