KEY POINTS

  • Sony has launched a new PlayStation Bug Bounty program
  • The program will reward those who report PS4 and PlayStation Network security vulnerabilities
  • But not all reports will be rewarded

Sony has announced that it is launching a bug bounty program that will reward individuals and groups that discover and report security vulnerabilities in the PlayStation 4 console as well as the PlayStation Network.

In a blog entry, Sony Interactive Entertainment's senior director of software engineering, Geoff Norton, announced the launch of a public PlayStation Bug Bounty program that is designed to encourage the security research community, gamers and anyone who's interested to look for security vulnerabilities in the PS4 and PlayStation Network and report them to the company.

Norton said the company has been running the program privately with some researchers but has decided to make it public and expand it to the research community because of the “valuable role” that they play in enhancing security. The company publicly launched the program just this month and is doing it in partnership with internet security company HackerOne.

The program offers bounties and will reward those who submit vulnerability reports based on the severity of the vulnerability, as well as the quality of the report. Sony promises hefty cash rewards – those who report critical vulnerabilities for PS4, for example, will receive at least $50,000.

PlayStation 4 (Photo: REUTERS/Brendan McDermid)

Not all reports will be considered valid and eligible for rewards. Per the program's details, Sony is “currently interested in reports on the PlayStation 4 system, operating system, accessories and the PlayStation Network.” The scope for each of these includes:

PlayStation 4

For the PS4, Sony said individuals can look for vulnerabilities in the system, accessories and operating system. Submissions should focus on the current released system software, or a beta version of the system software.

Reports about vulnerabilities in older or earlier software versions might be accepted on a case-by-case basis. Vulnerabilities related to PlayStation 1, PlayStation 2, PlayStation 3, PS Vita and PSP or any other hardware, on the other hand, will not be accepted.

PlayStation Network

For PlayStation Network, individuals can submit vulnerability reports regarding the following domains:

  • *.playstation.net
  • *.sonyentertainmentnetwork.com
  • *.api.playstation.com
  • my.playstation.com
  • store.playstation.com
  • social.playstation.com
  • transact.playstation.com
  • wallets.api.playstation.com

Sony has laid out some important things for interested researchers and would-be participants to know via HackerOne.