Microsoft is going to launch an Xbox bug bounty p
“The Xbox Bounty Program invites gamers, security researchers, and others around the world to help identify security vulnerabilities in the Xbox Live network and services and share them with the Xbox team. Qualified submissions are eligible for bounty rewards of $500 to $20,000 USD.” reads the p
“Bounties will be awarded at Microsoft’s discretion based on the severity and impact of the vulnerability and the quality of the submission, and subject to the Microsoft Bounty Terms and Conditions.”
The bug bounty program will pay for vulnerabilities in the Xbox Live network and services. The list of eligible types of vulnerabilities Cross site scripting (XSS), Cross-site request forgery (CSRF), IDOR, insecure
The vulnerabilities can lead to remote code execution, elevation of privileges, security bypass, information disclosure, spoofing, or tampering. Denial-of-service (
Bounty awards range from $500 up to $20,000. Higher awards are possible, at Microsoft’s sole discretion, based on report quality and vulnerability impact. Researchers who provide submissions that do not qualify for bounty awards may still be eligible for public acknowledgment if their submission leads to a vulnerability fix.
|Security Impact||Report Quality||Severity|
|Remote Code Execution||HighMediumLow||$20,000 $15,000 $10,000||$15,000 $10,000 $5,000||N/A||N/A|
|Elevation of Privilege||HighMediumLow||$8,000|
|$5,000 $2,000 $1,000||$0||N/A|
|Security Feature Bypass||HighMediumLow||N/A||$5,000 |
|Information Disclosure||HighMediumLow||N/A||$5,000 |
|Spoofing||HighMediumLow||N/A||$5,000 $2,000 $1,000||$0||$0|
|Denial of Service||High/Low||Out of Scope|
Hackers that report remote code execution flaws can earn between $5,000 and $20,000, while privilege escalation vulnerabilities could be rewarded with payouts between $1,000 and $8,000. The r
Microsoft will review every submission on a case-by-case basis, anyway, some common low-severity issues that are out of scope and that typically do not earn bounty rewards are:
“Since launching in 2002, the Xbox network has enabled millions of users to share their common love of gaming
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.