Microsoft Wants You To Hunt Bugs For Cash
Microsoft is giving gamers the opportunity to become bounty hunters from the safety of their own couches. To ensure the safety of Xbox Live, Microsoft is offering cash rewards for code-savvy gamers who discover vulnerabilities in the service. We're talking big payouts: somewhere between $500 and $20,000.
Yes, you did read that right. As described by the official page, "The Xbox Bounty Program invites gamers, security researchers, and others around the world to help identify security vulnerabilities in the Xbox Live network and services and share them with the Xbox team. Qualified submissions are eligible for bounty rewards of $500 to $20,000 USD."
Those two numbers are bolded, by the way. Microsoft places a high value on finding — and hopefully eliminating — any possible issues with Xbox Live.
How to become a bug bounty hunter
Before you get too excited, know that there's a good reason these payouts are so impressive. It takes a lot of work to discover a security flaw, and then still more work to submit it. Microsoft will only pay you if you're able to find a previously undiscovered issue, reproduce it, and then show engineers how to reproduce it.
Different levels of threats have different cash payouts too. "Important" remote code execution issues will pay out between $1,000 and $15,000 depending on the severity of the problem. Remote code execution issues labeled "critical" will pay out between $10,000 and $20,000. This is great news if you're security-savvy, and it's far from the first time that Microsoft has recruited so-called "bounty hunters" to sniff out security weaknesses. In 2017, Microsoft offered a whopping $250,000 for proof of severe Hyper-V vulnerabilities in Windows 10.
Does this mean that Xbox Live is vulnerable right now? Probably not. Microsoft hasn't suffered security snafus in the same way that Sony has. Remember that one time in 2011 that PlayStation hackers stole a bunch of personal data? Yeah, the PlayStation Network was down for almost a month. It's probably a good strategy to get in front of these possible hacks long before they happen.