Microsoft has a new Bug Bounty Program where hackers can earn up to $20,000 if they discover Xbox vulnerabilities.
According to the program, qualified bounties will be awarded at Microsoft’s discretion based on the severity and impact of the vulnerability, and submissions are eligible for bounty rewards of $500 to $20,000 USD.
Microsoft’s main goal with this bounty program is to uncover significant vulnerabilities that can have an impact on the security of its customers.
According to a blog post published by Microsoft, “Since launching in 2002, the Xbox network has enabled millions of users to share their common love of gaming on a safe and secure service. The bounty program supplements our existing investments in security development and testing to uncover and remediate vulnerabilities which have a direct and demonstrable impact on the security of Xbox customers.”
With this bounty program, Microsoft hopes to uncover XSS, CSRF, IDOR, insecure deserialization, injection, server-side code execution, security misconfigurations, and the use of components with known vulnerabilities.
Hackers who discover remote code execution flaws can earn between $5,000 and $20,000, while privilege escalation vulnerabilities will earn a hacker between $1,000 and $8,000 USD.
This specific bounty program covers the Xbox Live Network and Service.
According to a previous report, Microsoft paid $2,000,000 in bounty rewards in 2018.
The fact that Microsoft continues to pay such large sums of money towards these programs proves that they work in discovering vulnerabilities.