As Microsoft continues to roll out more and more games for its Xbox Live platform, the company is taking an unprecedented approach to identifying and correcting bugs. Rather than relying exclusively on programmers and professional testers, it is turning to its audience and offering bounties to players who identify bugs and other security vulnerabilities and report them to the company.
The bounty program is open to anyone and bounties will be awarded based on the severity and impact of the vulnerability and the quality of the submission. While Microsoft has not provided any specific details, they did lay out some criteria and guidelines for aspiring bounty hunters. In order to be eligible for a reward, the submission must:
Identify a previously unreported vulnerability that reproduces in our latest, fully patched version of Xbox Live network and services at the time of submission.
Include clear, concise, and reproducible steps, either in writing or in video format.
The categories of security impact for bugs are as follows: remote code execution, elevation of privilege, security feature bypass, information disclosure, spoofing, tampering, and denial of service.
Testing can be completed on an Xbox 360, Xbox One, Xbox One S or Xbox One X and Microsoft recommends an Xbox Gold, Project xCloud, Xbox Game Pass, Xbox Game Pass for PC or Xbox Game Pass Ultimate account.
The bounty offering comes at a time when user privacy is considered an especially important issue in the gaming community, as online gaming can almost be considered its own social network of sorts. It also comes as part of Microsoft’s mass critical overhaul of its security features and as Xbox console streaming is now available in most markets.
For non-gamers, Microsoft also has bounty programs for many of its other software applications. A full list can be found here.