Microsoft today announced the launch of a new bug bounty program, this time revolving around its Xbox products. Like other programs of its kind, the Xbox Bounty program seeks the help of security researchers, gamers, and otherwise technology enthusiasts to discover any security issues with its services, and in turn, those that report issues can get monetary rewards.
In the case of the Xbox Bounty program, rewards can go up to $20,000 depending on the severity of the issue and the quality of the submission. The kinds of impact included in the program are remote code execution, elevation of privileges, security feature bypass, information disclosure, spoofing, and tampering, each with its own reward levels. Denial of service attacks are naturally not included in the scope of the program.
To qualify for the highest-paying reward, you"ll need to discover a vulnerability that allows for remote code execution of critical severity, and provide a high-quality report. Elevation of privilege vulnerabilities can grant up to $8,000. Meanwhile, any issues of moderate and low severity do not qualify for any reward.
Bug bounty programs are a common way companies increase the security of their services and products, by requesting external help in detecting issues. Microsoft itself has created a number of programs like this in the past.