
Microsoft just announced the launch of an Xbox bug bounty program to allow gamers and security researchers to report security vulnerabilities found in the Xbox Live network and services. Qualified Xbox Bounty Program submissions are eligible for bounty payouts ranging from $500 to $20,000 for a remote code execution submitted via a high-quality report with a clear and concise proof of concept (POC).

The bounties will be awarded "at Microsoft’s discretion" based on the severity and impact of the security issue disclosed, as well as the quality of the submission. "Higher awards are possible, at Microsoft’s sole discretion, based on report quality and vulnerability impact," Redmond says. "Researchers who provide submissions that do not qualify for bounty awards may still be eligible for public acknowledgment if their submission leads to a vulnerability fix."

Vulnerabilities submitted through the Xbox Bounty Program are required to meet the following criteria to be eligible for a bounty award. To send a submission to the Xbox team, you have to use the MSRC Submission portal and follow the recommended format in Microsoft's bounty submission guidelines.

Additional details on what activities are prohibited under the Xbox Bounty Program and the out-of-scope vulnerabilities are available on the Coordinated Vulnerability Disclosure throughout the vulnerability reporting process. For vulnerability submissions that are out of the scope of the Xbox Bounty Program, Microsoft may still offer the security researchers public recognition by adding them to the Online Service Acknowledgements page.

The bounty amounts for in-scope vulnerabilities based on their severity levels are available in the table. You can find additional information on Microsoft bounty program requirements as well as legal guidelines in the Bounty Terms, the Safe Harbor policy, and the Bounty FAQ.
"Since launching in 2002, the Xbox network has enabled millions of users to share their common love of gaming on a safe and secure service," MSRC Program Manager Chloé Brown said. "The bounty program supplements our existing investments in security development and testing to uncover and remediate vulnerabilities that have a direct and demonstrable impact on the security of Xbox customers."

 
