Earlier today, Microsoft announced the Xbox Bounty program, which, like most similar bounty systems, will reward those who discover security vulnerabilities on the platform with cash prizes ranging from $500 up to $20,000.
“The Xbox bounty program invites gamers, security researchers, and technologists around the world to help identify security vulnerabilities in the Xbox network and services, and share them with the Microsoft Xbox team through Coordinated Vulnerability Disclosure (CVD),” Microsoft’s Chloé Brown said in an official blog post. “Eligible submissions with a clear and concise proof of concept (POC) are eligible for awards up to US$20,000.”
An official website has been set up which, while basic in appearance, does show who can submit vulnerabilities, how much each sort of discovery can earn, and how to get in contact with Microsoft to participate.
Bounty programs such as this one are fairly common among tech-oriented companies, as they allow organizations to significantly expand their testing and increase their odds of discovering major vulnerabilities before they’re made public. They also provide an incentive for those who do discover major flaws to report them privately to a company instead of taking to social media and online forums to let the entire world know of their discovery and take advantage of it.