Microsoft has announced the official launch of a bug bounty program for the Xbox gaming platform. For vulnerabilities discovered in the Xbox Live network and services, researchers will be paid between $500 and $20,000.
Anyone can participate in the new vulnerability reward program, whether an ordinary gamer or a highly skilled information security specialist. Microsoft Security Response Center experts write that all this requires is a clear description of the problem and a clear, concise PoC (proof of concept), so that the Xbox team can assess the potential danger of the bug and reproduce the vulnerability before fixing it.
The bug bounty will cover the backend infrastructure of the Xbox Live cloud. At the same time, Microsoft will automatically disqualify researchers who try to access the confidential data of Xbox users, use phishing or social engineering against Xbox users and employees, or try to move laterally within the Xbox network (that is, go beyond the minimum necessary to demonstrate the impact of the vulnerability).
The company is interested in bugs leading to code execution, privilege escalation, bypassing security mechanisms, information disclosure, spoofing, and other changes. Denial-of-service (DoS) issues are not covered by the program.
Rewards for reported bugs will be paid in accordance with the table below. Thus, vulnerabilities that allow remote code execution can earn researchers from $5,000 to $20,000, and vulnerabilities that allow privilege escalation from $1,000 to $8,000.