
Microsoft launches Xbox bug bounty program with rewards of up to $20,000

Microsoft Security Response Center (MSRC) to start accepting vulnerabilities in Xbox gaming platform.
Written by Catalin Cimpanu, Contributor on
Xbox controller
Image: Joshua Oluwagbemiga

Microsoft announced today the launch of an official bug bounty program for the Xbox gaming platform.

Starting today, Microsoft says it will pay from $500 to $20,000 for vulnerabilities found in the Xbox Live network and services.

Microsoft said anyone can submit vulnerabilities to the new Xbox bug bounty program, regardless of whether they're gamers or trained security experts.

According to Chloé Brown, Program Manager at the Microsoft Security Response Center (MSRC), eligible submissions must include "a clear and concise proof of concept (POC)."

The POC will be needed to demonstrate the bug's impact and allow the Xbox team to reproduce the vulnerability before fixing the reported issue.

"Bounties will be awarded at Microsoft's discretion based on the severity and impact of the vulnerability and the quality of the submission," the program's rules state.

The bug bounty program will cover the Xbox Live cloud backend infrastructure. Rewards will be given out for bug reports based on the table below:

[Image: Xbox bug bounty rewards table (xbox-bug-bounty.png)]

The Xbox bug bounty, however, also comes with some restrictions. For example, Microsoft prohibits and automatically disqualifies bug hunters who attempt to phish or social engineer Xbox users and engineers, who move laterally inside the Xbox network beyond the minimum access needed to prove a vulnerability's impact, or who download or access sensitive Xbox user data.

The Xbox platform has been around since 2012. Even though Microsoft was one of the first tech companies to run a bug bounty program, Xbox was never included in this program.

Until today, Microsoft has paid bug hunters for vulnerability reports in products such as the Windows operating system, the Office suite, the IE and Edge web browsers, Microsoft's vast array of cloud services, the Hyper-V hypervisor technology, and the ElectionGuard open-source voting software.
