Xbox will give you up to $20,000 for finding bugs

This week, Microsoft introduced a bug bounty initiative to help identify vulnerabilities within the Xbox Live network. Gamers and researchers can earn between $500 and $20,000 if they successfully report vulnerabilities in the system.

Xbox chief Phil Spencer will hope to have fewer bugs within his company’s network as he prepares for a busy decade ahead. Photo: Xbox

A lot to cover

Microsoft says that bounties will be awarded at the company’s discretion, based on the quality, severity, and impact of each submission.

Examples of vulnerabilities that can lead to rewards if found include:

  • Cross site scripting (XSS)
  • Cross site request forgery (CSRF)
  • Insecure direct object references
  • Insecure deserialization
  • Injection vulnerabilities
  • Server-side code execution
  • Significant security misconfiguration (when not caused by user)
  • Demonstrable exploits in third-party components (requires a full proof of concept (PoC) of exploitability)

The tech giant states that there is no limit on the number of qualified submissions an individual can make. However, if it receives multiple reports of the same bug from different people, it will award the bounty to the first complete submission.

Reports have to be submitted to the Microsoft Xbox team through the Coordinated Vulnerability Disclosure (CVD) process.

Microsoft is showing its intent on delivering fresh gaming services this decade. Projects such as xCloud are set to give the firm new ground in the market. Photo: Xbox

Responsible approach

Chloé Brown, program manager at the Microsoft Security Response Center, spoke about how her company seeks to deliver a gaming service that is secure for its users.

“Since launching in 2002, the Xbox Network has enabled millions of users to share their common love of gaming on a safe and secure service,” she shared on Microsoft’s website.

“The bounty program supplements our existing investments in security development and testing to uncover and remediate vulnerabilities which have a direct and demonstrable impact on the security of Xbox customers.”

Brown went on to state that a bounty program is an effective way to build a secure ecosystem to play in, and that such programs complement the firm’s internal testing, private programs, and intelligence shared by its partners.

With heavy investment going into the launch of the Xbox Series X, Microsoft will want to make sure that its online service is fully secure ahead of the release. Photo: Xbox

Strong incentives

This process is similar to the way other corporations such as Amazon try to reduce vulnerabilities. A few months ago, two researchers earned $60,000 for hacking into an Amazon Echo.

With a lot of money at stake, people will be more inclined to help companies with their targets. Initiatives such as these can help catch a wider range of issues even after a company has done its best to reduce them internally.

With Microsoft looking to build a stronger presence within the gaming industry this decade, it will want to ensure that its security is as close to foolproof as possible.

Do you think Microsoft’s approach to tackling bugs will be effective? Let us know your thoughts in the comment section.
