The Xbox One Bounty Hunters Program has launched this week with considerable rewards up for grabs.
Rewards of between $500 to $20,000 can be claimed by program participants who are able to find and report vulnerabilities in Xbox Live security.
Here is a breakdown of the payment system:
| Security Impact | Report Quality | Severity | |||
| Critical | Important | Moderate | Low | ||
| Remote Code Execution | High
Medium Low |
$20,000
$15,000 $10,000 |
$15,000
$10,000 $5,000 |
N/A | N/A |
| Elevation of Privilege | High
Medium Low |
$ 8,000
$ 4,000 $ 3,000 |
$5,000
$2,000 $1,000 |
$0 | N/A |
| Security Feature Bypass | High
Medium Low |
N/A | $5,000
$2,000 $1,000 |
$0 | N/A |
| Information Disclosure | High
Medium Low |
N/A | $5,000
$2,000 $1,000 |
$0 | $0 |
| Spoofing | High
Medium Low |
N/A | $5,000
$2,000 $1,000 |
$0 | $0 |
| Tampering | High
Medium Low |
N/A | $5,000
$2,000 $1,000 |
$0 | $0 |
| Denial of Service | High/Low | Out of Scope |
This isn’t an opportunity for those clown hats that like to spend their time trying to put us all in a state of DoS though, as Denial of Service vulnerabilities are classified as “out of scope” and don’t pay a penny.
To receive payment you have to be able to provide very specific details of the vulnerability that you located, and it must be reproducible.
Xbox One is late to the party when it comes to offering this kind of bounty program, with Nintendo offering similar rewards since 2016. Whilst Sony has a similar program in place, their loyal followers are expected to do it for the love of the company and a pearly white hat.
