Sony has announced a new security bug hunting drive called the PlayStation Bug Bounty Program.
Created in partnership with security platform HackerOne, the program invites gamers and those in security research to search for vulnerabilities in both The Playstation 4 and PlayStation Network, offering money as a reward. According to the announcement blog post, “critical vulnerabilities” discovered will have rewards starting from $50,000 USD. That’s quite a lot of moolah, but since killing alien bugs inside video games doesn’t count, it appears to be out of our wheelhouse.
© Sony
“We believe that through working with the security research community we can deliver a safer place to play,” the post reads. The program has been running privately with researchers for some time, but now Sony wants to open it up to anyone who reckons they’re capable.
Naturally, the nature of what constitutes a serious enough bug to warrant compensation will be important for anyone looking to take part. As such, Sony has directed potential candidates to the PlayStation page on the HackerOne website.
Currently the scheme lists the following areas of interest:
“We are currently interested in reports on the PlayStation 4 system, operating system, accessories and the PlayStation Network. For PlayStation Network the following domains are in scope:
- *.playstation.net
- *.sonyentertainmentnetwork.com
- *.api.playstation.com
- my.playstation.com
- store.playstation.com
- social.playstation.com
- transact.playstation.com
- wallets.api.playstation.com
For the PlayStation 4 system, accessories and operating system, we will accept submissions on the current released or beta version of system software. PlayStation may at its discretion accept submissions on earlier versions of system software on a case by case basis.”
Unsurprisingly, you’ll also need to ensure you don’t reveal any vulnerabilities publicly if you want to claim a reward. Sony doesn’t want people exploiting them after all. Also of note is that the reward can’t be offered to anyone who lives “in a country that is subject to United States export sanctions or trade restrictions” or is a Sony employee.
Currently the page lists 88 reports as resolved, with an average bounty of $400. If this sounds like your area of expertise, head over to the HackerOne website for more details.
