Info-tech

Microsoft will pay techies up to $20,000 for detecting bugs in Xbox Live

Hemani Sheth Mumbai | Updated on January 31, 2020 Published on January 31, 2020

Microsoft on Thursday announced a bug bounty program for its Xbox Live network and services, whereby the tech giant will pay a bounty of up to $20,000 for detecting bugs in its Xbox Live network.

“The Xbox Bounty Program invites gamers, security researchers, and others around the world to help identify security vulnerabilities in the Xbox Live network and services and share them with the Xbox team. Qualified submissions are eligible for bounty rewards of $500 to $20,000,” Microsoft had said in an official statement.

Techies around the globe can perform individual testing of Microsoft’s fully patched version of the Xbox Live network and services. If at all they detect a bug in the network, they can submit their findings to the company and earn a hefty bounty of up to $20,000 if the submission is found relevant.

However, there’s a catch. The testing process must be reproducible. The tester will have to submit “clear, concise, and reproducible steps, either in writing or in video format” to claim the bounty.

The amount will differ based on the type of vulnerability and the severity of the same. The user, for example, will receive a $20,000 bounty for detecting severe issues with the system’s remote code execution. Vulnerabilities that lead to severe tampering with the network are worth $5,000. Microsoft has detailed the types of vulnerabilities and the specific bounties for the same on its website. DDoS issues and URL Redirects that generate significant traffic, however, are out of scope.

Users can also submit vulnerabilities on a case-by-case basis. Whoever detects a bug in the network, relevant enough for the program, can submit the necessary details using the MSRC Submission portal on the company’s website.

This is not the first time that Microsoft has provided a chance for techies to earn big through its bug bounty program. The company is already running a number of similar programs for its other products and services. Microsoft’s biggest bounty program, meant for detecting vulnerabilities in the company’s Azure cloud computing services, is worth a whopping $300,000, according to an Engadget report.

Published on January 31, 2020
  1. Comments will be moderated by The Hindu Business Line editorial team.
  2. Comments that are abusive, personal, incendiary or irrelevant cannot be published.
  3. Please write complete sentences. Do not type comments in all capital letters, or in all lower case letters, or using abbreviated text. (example: u cannot substitute for you, d is not 'the', n is not 'and').
  4. We may remove hyperlinks within comments.
  5. Please use a genuine email ID and provide your name, to avoid rejection.