Microsoft starts Xbox & Xbox Live Bug Bounty Program

Microsoft starts Xbox & Xbox Live Bug Bounty Program in 2020Q1

Microsoft's Xbox and Xbox Live currently strives for more IT security in the company. The new "Xbox Bounty Program" from MSRC is intended to supplement the current existing public Responsible Disclosure & Security programs.

A few days ago, Microsoft launched a bug bounty program for the Xbox game console and the associated online service Xbox Live. The software company announced on Thursday via the Microsoft Security Response Centers (MSRC) team on the news blog that bugs with clear proof-of-concept (PoC) exploits and instructions will be rewarded with up to $20,000 (USD). The lowst amount that will be acknowledged starts with $500 (USD). Denial of service and redirect vulnerabilities are excluded from the scope by reason.

The new Bug Bounty Program is intended exclusively for security researchers, whitehat hackers, reverse engineering experts and players themselves and uses the common program mechanics of MSRC. The program is not limited to the game consoles themselves, but also coordinates vulnerabilities in the Xbox Live online service. The amount of the payout bonus depends on different vectors such as the severity of the vulnerability, identified risk, the possible impact and the quality of the information / data submitted.

MSRC Manager Chloé Brown also stated in the blog post that a new Xbox Bounty Program complements Microsoft's existing security measures to detect and fix vulnerabilities that have been proven to affect the security of product customers. In this way a safe ecosystem around the Xbox for Microsoft is to be guaranteed.

References:
https://www.microsoft.com/en-us/msrc/bounty-xbox
https://msrc-blog.microsoft.com/2020/01/30/announcing-the-xbox-bounty-pr...