It’s not unusual practice to see companies occasionally (and sometimes regularly) run bug bounty programs. If you’re not familiar with the concept, then let me explain. Put simply, it’s effectively a challenge to ‘ethical hackers‘ to see if they can identify any security flaws in a piece of software. If they can (and more to the point, they can show it) then they’ll be rewarded with a cash prize!
It is, effectively, a means of attempting to identify any security flaws without actually paying a third-party corporation to do it (who may potentially find nothing).
In the latest ‘bug bounty’ promotion announced, Microsoft is challenging people to find security flaws with their Xbox Live service. If they can, they could receive up to $20,000.
Microsoft Launches Xbox Live ‘Bug Bounty’
In making the announcement, Microsoft has said:
“The Xbox bounty program invites gamers, security researchers, and technologists around the world to help identify security vulnerabilities in the Xbox network and services, and share them with the Microsoft Xbox team through Coordinated Vulnerability Disclosure (CVD). Eligible submissions with a clear and concise proof of concept (POC) are eligible for awards up to US$20,000.”
Now, we should note that if you find a flaw, that doesn’t automatically mean that you will receive $20,000. Microsoft will award sums based on the severity of the issue starting at $500.
Where Can I Learn More?
If you are interested in putting your ‘white hat hacking’ skills to the test, you can learn more via the official blog post here! – With a decent sum of money on offer, it will be interesting to see how many (if any) make successful claims.
Nothing motivates hackers like a cash prize after all!
What do you think? Do you like these ‘bug bounty’ programs? Have you ever participated in one? In addition, do you think any flaws will be found? – Let us know in the comments!
