Microsoft to pay cash bounties on Xbox bugs

News
By published

Xbox Bounty program aims to improve the network and services of Microsoft's gaming platform

(Image credit: Micosoft)

Microsoft has announced the launch of an official bug bounty program for Xbox in an effort to improve the gaming platform's network and services.

The software giant has said that it will pay anywhere from $500 to $20,000 for vulnerabilities discovered in the platform's online service Xbox Live.

While security researchers typically have the most to gain from bug bounty programs, Microsoft has said that anyone, regardless of their position, can submit vulnerabilities to its new program.

In a blog post announcing the Xbox Bounty program, program manager at the Microsoft Security Response Center (MSRC), Chloé Brown explained that to be eligible, submissions will require a proof of concept (POC) that is easily understandable, saying: 

“The Xbox bounty program invites gamers, security researchers, and technologists around the world to help identify security vulnerabilities in the Xbox network and services, and share them with the Microsoft Xbox team through Coordinated Vulnerability Disclosure (CVD). Eligible submissions with a clear and concise proof of concept (POC) are eligible for awards up to US$20,000.”

Xbox Bounty program

Microsoft's latest bug bounty program will cover the Xbox Live cloud backend infrastructure and vulnerabilities that allow for remote code execution will have the highest payouts at up to $20,000. Escalation of privilege flaws can earn security researchers up to $8,000 and flaws that allow a user to bypass security features are worth $5,000.

The new Xbox Bounty program also comes with some restrictions. For instance, Microsoft will prohibit and automatically disqualify anyone who attempts to phish or social engineer Xbox users and engineers while searching for bugs as well as anyone who moves laterally inside the Xbox network beyond what is needed to prove a vulnerability's impact. Downloading or accessing sensitive Xbox user data is also prohibited under the program's rules.

The Xbox platform was first announced at E3 before it was released in October of 2012. A year later, Microsoft created its first bug bounty program but it only applied to Windows and the company's other software.

The Xbox Bounty program is a win for Microsoft as well as for consumers who will benefit from a smoother and more secure online experience while playing games on the company's consoles.

Via ZDNet

TOPICS
Anthony Spadafora
Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

Latest in Pro
cybersecurity
What's the right type of web hosting for me?
Security padlock and circuit board to protect data
Trust in digital services around the world sees a massive drop as security worries continue
Hacker silhouette working on a laptop with North Korean flag on the background
North Korea unveils new military unit targeting AI attacks
An image of network security icons for a network encircling a digital blue earth.
US government warns agencies to make sure their backups are safe from NAKIVO security issue
Laptop computer displaying logo of WordPress, a free and open-source content management system (CMS)
This top WordPress plugin could be hiding a worrying security flaw, so be on your guard
construction
Building in the digital age: why construction’s future depends on scaling jobsite intelligence
Latest in News
Ray-Ban Meta Smart Glasses
Samsung's rumored smart specs may be launching before the end of 2025
Apple iPhone 16 Review
The latest iPhone 18 leak hints at a major chipset upgrade for all four models
Quordle on a smartphone held in a hand
Quordle hints and answers for Monday, March 24 (game #1155)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Monday, March 24 (game #386)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Monday, March 24 (game #652)
Quordle on a smartphone held in a hand
Quordle hints and answers for Sunday, March 23 (game #1154)
More about pro
Silicon Motion MonTian 128TB SSD

More 128TB SSDs on the way, but they won't be cheaper: Key maker of NAND flash controllers says 128TB SSDs are shipping
Toshiba HDD Innovation Lab

How to make hard drives faster? Simple, just bunch dozens of them together, Toshiba says
Compal Infinite Laptop

This laptop has a horizontal rollable display that extends to 18 inches, and I can't wait to try it
See more latest
Most Popular
Compal Infinite Laptop
This laptop has a horizontal rollable display that extends to 18 inches, and I can't wait to try it
Silicon Motion MonTian 128TB SSD
More 128TB SSDs on the way, but they won't be cheaper: Key maker of NAND flash controllers says 128TB SSDs are shipping
Toshiba HDD Innovation Lab
How to make hard drives faster? Simple, just bunch dozens of them together, Toshiba says
Asus Ascent GX10
Asus debuts its own mini AI supercomputer: Ascent GX10 costs $2999 and comes with Nvidia's GB10 Grace Blackwell Superchip
Ray-Ban Meta Smart Glasses
Samsung's rumored smart specs may be launching before the end of 2025
Quordle on a smartphone held in a hand
Quordle hints and answers for Monday, March 24 (game #1155)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Monday, March 24 (game #652)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Monday, March 24 (game #386)
Apple iPhone 16 Review
The latest iPhone 18 leak hints at a major chipset upgrade for all four models
Micron SOCAMM memory module
World's biggest RAM vendors develop superior memory form factor exclusively for Nvidia, sorry Intel and AMD