Microsoft has started an Xbox Bounty Program that could allow gamers, security researchers and virtually anyone else to earn as much as $20,000 for discovering vulnerabilities in the Xbox Live network and services. Microsoft says the bounty rewards will be awarded at its own discretion, based on the severity and impact of the vulnerability and the quality of the submission. The reward will also be subject to Microsoft’s Bounty Terms and Conditions.
There could be payouts higher than $20,000, but the least for submitting an important bug is $500. Those who report critical remote code execution and elevation of privilege flaws will get the biggest payouts, while security feature bypasses, information disclosure, spoofing and tampering can earn as much as $5,000 in Xbox Bounty Program rewards.
To be eligible, Microsoft says a reported vulnerability must be previously unreported and must be in the latest, fully patched version of the Xbox Live network and services at the time of submission. For die-hard gamers who look most likely to find a vulnerability, the submission must be clear and concise, and the steps must be reproducible in writing or video format.
Both the Xbox Series X console and the xCloud game streaming service will operate on the Xbox Live network. With Microsoft gearing up for the launch of its next-generation console, the bounty rewards couldn’t come sooner. Competitors Sony and Nintendo are also accepting security bug reports, with the latter awarding up to $20,000 while the former is only giving a t-shirt reward.