Sony launches PlayStation bug bounty ahead of PS5 launch
Using a $50k minimum for vital PS4 flaws, Sony flashes more cash than rivals Nintendo and Microsoft
Sony has actually introduced a public bug bounty program for its PS4 console and PlayStation Network on the HackerOne platform.
Successful reports of critical vulnerabilities in the PS4 hardware and os will net security scientists bounties of a minimum of $50,000.
This eclipses the $20,000 ceiling for critical flaws submitted to the vulnerability disclosure programs of Sony’s 2 greatest rivals in the gaming console market, Nintendo and Microsoft.
In-scope assets include the PS4 system, accessories, and current release or beta variation of the system software, plus eight PlayStation Network domains.
PlayStation’s public program replaces an invite-only program that it launched in 2015.
Sony has paid out bounties amounting to around $174,000 since introducing this earlier private program, with $40,000 the most significant bounty up until now, according to PlayStation’s bug bounty page on HackerOne.
Bug hunters who discover security small flaws in the PlayStation Network, its digital media platform, might earn rewards ranging in between $100 and $3,000.
PS4 security bugs might net them between $500 and $50,000, and potentially beyond.
The news was revealed in a post released on the Playstation blog site on Wednesday (June 24) by Geoff Norton, senior director software engineering at PlayStation.
” We are welcoming the security research study community, players, and anybody else to test the security of PlayStation 4 and PlayStation Network,” said Norton.
” We recognize the important role that the research community plays in enhancing security, so we’re thrilled to announce our program for the broader neighborhood.”
ASSOCIATED Level up: How an increase in bug bounty programs is securing online gamers
Growing varieties of video other video game developers are releasing bug bounty programs, including Rockstar Games, InnoGames, and Riot Games.
The shift to a cloud-based design has actually opened the market to new security risks, including credential packing attacks and the use of stolen credentials to buy, and later sell on, in-game currency and other items.
A US-based individual is currently waiting for sentencing in relation to the theft of countless confidential Nintendo files following a phishing attack, while in April there were fears that malicious hackers could make use of the leakage of source code for Team Fortress 2 and Counter-Strike: Global Offensive.
Steve Ragan, a security scientist at Akamai, just recently informed The Daily Swig that “the social element” represented a “major attack surface area” in the interactive modern-day gaming arena.
However, he noted that social engineering attacks were omitted from Microsoft’s program, something that is also the case for its PlayStation counterpart.
Sony is set to release the next model in its PlayStation console series, the PS5, later this year.