Recently Sony had announced the launch of public PlayStation bug bounty program to pay security researchers and games for security vulnerabilities found in PlayStation Network domains, PlayStation 4 devices.
According to the company, new PlayStation bounty program hosted on HackerOne, Sony wants research community that if there any issues found in operating system, accessories, PlayStation 4 system and many others.
Afterwards, Sony states that, “submissions on the current released or beta version of system software” will be accepted but it may also “accept submissions on earlier versions of system software on a case by case basis.”
Hence, those people who find vulnerability on a Sony asset are advised to report it through Sony’s public bug bounty programs.
Over $50,000 for critical PlayStation 4 bugs
Qualified bug bounty program submissions are eligible for bounty payouts ranging from $100 for low severity PlayStation Network to $50,000 for PlayStation 4 critical flaw. The bounties will be awarded at Sony’s discretion based on severity and impact of revealed security issues.
Later, reward table displayed on bug bounty programs for critical PlayStation for security vulnerabilities. Sony says that all amounts will be represented which states minimum bounty for each and every severity category.
Geoff Norton said that, “Our bug bounty program has rewards for various issues, including critical issues on PS4,” PlayStation Senior Director Software Engineering”. He also said that this program was already running privately with some security researchers but it has now expanded to include broader research community.
Other console vendor’s bug bounty programs
Microsoft also announced that Xbox bug bounty program in Jan 2020 offering rewards of up to $20,000 for critical remote code execution security vulnerabilities found in Xbox live networks and other similar services.
Just like Sony, Microsoft also added “higher awards are possible, at Microsoft’s sole discretion, based on report quality and vulnerability impact.”
Nintendo also launched VRP almost for 4 years in Dec 2016 and allow researchers to find out and report security vulnerabilities for Nintendo 3DS family of handheld game system and paying bounty up to $20,000 depends on the report quality.