Microsoft Announces Up To $20,000 Bounty For Finding Security Loopholes In Xbox Live
KEY POINTS
- Bounty program from Xbox Live users
- Bounty rewards range from $500 to $20,000
- Users need to submit security flaws and bug reports
All major technology companies have bounty programs that encourage users to report bugs and any security vulnerabilities that can cause a problem in the software. Microsoft has announced the launch of its Xbox Bounty program with awards up to $20,000.
Microsoft has announced this bounty program keeping in focus its Xbox Live network and services. Similar to other bounty programs, Microsoft is looking at certain specific security violations, if any. According to Tech Crunch, if users can find any unauthorized way to execute code on Microsoft’s servers, you can inform the company, and they will reward you.
The Xbox Bounty program offers rewards of $500 to $20,000. If a user can submit a high-quality report on remote code execution, he is eligible for the top prize. The other security impacts that are included are the election of privilege, security feature bypass, spoofing, information disclosure, and tampering.
The public should also keep in mind the out of scope vulnerabilities that will not earn any bounty rewards. These are low impact CSRF bugs like logoff, problems related to forgery or fraud, cookie replay loopholes, any URL redirects, denial of service issues, server-side information leaks like server names, stack traces, and IPs.
“The Xbox bounty program invites gamers, security researchers, and technologists around the world to help identify security vulnerabilities in the Xbox network and services, and share them with the Microsoft Xbox team through Coordinated Vulnerability Disclosure (CVD). Eligible submissions with a clear and concise proof of concept (POC) are eligible for awards up to US$20,000,” the blog post announcement read.
Users can send their complete submission using the MSRC submission portal in the recommended format. It is essential to read the submission guidelines before submitting the report.
In order to register for the Xbox Bounty program, a user needs a valid Xbox network account, and it is recommended that the user has an Xbox with an Xbox Game Pass or Xbox Gold. The report can be submitted in video or written format to Microsoft.
© Copyright IBTimes 2024. All rights reserved.