Microsoft has announced that it is launching a new Xbox Bounty Program that will pay gamers, security researchers, and tech fans globally for finding and reporting bugs. Bug bounty programs have been around for a long time; companies use them to encourage the public to uncover vulnerabilities in software and hardware and report them to the manufacturer rather than putting them on the black market (or using them personally for nefarious purposes). Microsoft says that the new Xbox bounty program requires the person finding a bug to share it with the Microsoft Xbox team via Coordinated Vulnerability Disclosure (CVD).
Submissions that have a clear and concise proof of concept are eligible for rewards of up to $20,000, while the minimum offered bounty is $500. Microsoft says that bounties will be awarded at its discretion based on the severity and impact of the vulnerability and the quality of the submission. An eligible submission must meet the criteria below:
- Identify a previously unreported vulnerability that reproduces in our latest, fully patched version of Xbox Live network and services at the time of submission.
- Include clear, concise, and reproducible steps, either in writing or in video format. This allows submissions to be reviewed as quickly as possible and supports the highest bounty awards.
Participating in the bounty program requires the user to have an Xbox network account, and Microsoft recommends using one or more test accounts to conduct vulnerability research. Access to an Xbox console isn’t required, but would be helpful. Microsoft also notes that access to Xbox Gold, Project xCloud, Xbox Game Pass, Xbox Game Pass for PC, or Xbox Game Pass Ultimate accounts would be helpful, but not required. No hardware or accounts will be given out for testing. To earn the highest bounty of $20,000, users must demonstrate a remote code execution vulnerability deemed "critical" in severity.
In other Xbox news, earlier this month the next-gen Xbox Series X was seen in a leaked image exposing the rear ports of the console.