Microsoft has announced its latest Bug Bounty Programme for its Xbox Live network. According to the company, the programme is being extended to all gamers, security researchers, coders and anyone else with the skills to find bugs in the Xbox Live framework. Rewards will range from $500 to $20,000, although Microsoft states that the reward can be even higher if the flaw discovered is critical enough in nature.
Microsoft is looking for detailed, precise demonstrations of critical vulnerabilities, in either written or video form. The highest rewards will be reserved for flaws such as escalation of privilege and remote code execution on the Xbox Live network. Reports must also include a clear proof of concept of the flaws, and the wide base of eligible users for the programme suggests that Microsoft is looking for its community to discover any critical vulnerability that its network may have.
Flaws such as bypassing security gateways, improper information disclosure or network tampering are also included in the Programme, but are limited to rewards of up to $5,000. However, a report by The Verge states that Microsoft is not looking for people to test DDoS attacks, social engineering or server-end vulnerabilities.
The Bug Bounty Programme comes ahead of the launch of Microsoft’s Xbox Series X console and the xCloud game streaming platform, both of which will run on the Microsoft Xbox Live network. The company has previously hosted similar Bug Bounty Programmes, most notably for its Windows 10 platform. Going forward, it will be interesting to see what critical vulnerabilities are discovered, and how big an impact this has on its product.