Microsoft will begin rewarding researchers who identify and report vulnerabilities in its Xbox consoles. The Xbox Bounty Program, as it's being called, will offer cash awards ranging from $500 up to $20,000 for the identification of major flaws. Consoles going back to the Xbox 360 are included in the scope of the program.
Bounty programs incentivize outsiders to assist tech companies in securing their systems. Instead of exploiting vulnerabilities or selling them on the black market, which opens one up to legal risk, individuals can directly report them to Microsoft and get rewarded for it.
Payouts will vary. Microsoft says that eligible submissions must include clear and concise instructions on how to replicate the bug, and the amount a submission is worth depends on the severity of the flaw: if it allows someone to remotely execute code on an Xbox, you could be looking at taking home the top $20,000 bounty, while bypassing a security feature could net you up to $5,000. Anyone is eligible to participate in the program.
Google announced yesterday that in 2019 it paid out $6.5 million in bounty rewards through its own program. Tech companies are increasingly the targets of cyberattacks by criminals and nation states as they store progressively more data on the lives of everyday citizens around the world.
Microsoft notably doesn’t include denial of service attacks in its program, meaning it doesn’t want you to try flooding its servers with traffic to see what happens. Seems reasonable enough.