Sony Launches PlayStation Bug Bounty Program With $50k+ Rewards
Sony today announced the launch of a public PlayStation bug bounty program to pay security researchers and gamers for security vulnerabilities found in PlayStation 4 devices, the PlayStation Network domains.
According to the company’s new PlayStation bug bounty program (aka Vulnerability Disclosure Program) hosted on HackerOne, Sony wants the research community to report any issues found in the PlayStation 4 system, operating system, accessories, and the PlayStation Network.
Sony explains that only “submissions on the current released or beta version of system software” will be accepted but it may also “accept submissions on earlier versions of system software on a case by case basis.”
Those who also find a vulnerability on a Sony asset that is not covered by the PlayStation VRP are advised to report it through Sony’s public bug bounty program.
Also read: Cost of GDPR Compliance for Singapore Companies
Over $50,000 for critical PlayStation 4 bugs
Qualified PlayStation bug bounty program submissions are eligible for bounty payouts ranging from $100 for a low severity PlayStation Network vulnerability to $50,000 for a PlayStation 4 critical flaw.
The bounties will be awarded at Sony’s discretion based on the severity and impact of the disclosed security issues, as well as the quality of the submission.
While the rewards table displayed on the bug bounty program’s HackerOne entry lists a $50,000 reward for critical PlayStation 4 security vulnerabilities, Sony says that all the amounts listed “represent the minimum bounty for each severity category.”
“Our bug bounty program has rewards for various issues, including critical issues on PS4,” PlayStation Senior Director Software Engineering Geoff Norton said. “Critical vulnerabilities for PS4 have bounties starting at $50,000.”
Norton also said that this bug bounty program was already running privately with some security researchers but that it jas now expanded to include the broader research community as recognition to its valuable role in enhancing security.
Researchers can find a list of all in-scope and out-of-scope vulnerabilities, as well as responsible disclosure guidance on the HackerOne page dedicated to the PlayStation VRP.
Other console vendors’ bug bounty programs
Microsoft also announced an Xbox bug bounty program in January 2020, offering researchers rewards of up to $20,000 for critical remote code execution security vulnerabilities found in the Xbox Live network and related services.
However, just like Sony, Microsoft added that “[h]igher awards are possible, at Microsoft’s sole discretion, based on report quality and vulnerability impact.”
Nintendo also launched a VRP almost four years ago, in December 2016, allowing “researchers to find and report security vulnerabilities for the Nintendo 3DS family of handheld game systems” and paying bounties of up to $20,000 depending on the flaw’s severity and report quality.
Since then, Nintendo’s bug bounty program has expanded to also include bugs found in Nintendo Switch and New Nintendo 3DS systems.
Also read: 6 Simple Tips on Cyber Safety at Home
0 Comments