PlayStation’s new bug bounty program pays up to $50,000
Large tech companies are often the target of cyberattacks and other digital threats. Despite their best efforts, it’s impossible to find every little flaw that exists within a system. So, these companies frequently offer “bug bounties,” cash rewards for ethical hackers who can identify vulnerabilities in their systems.
PlayStation just announced that it is rolling out its own bug bounty program that will pay people for hacking into its various offerings. That includes its PSN domains, the PS4 console, and some of its accessories. It is partnering with HackerOne to run the program, which pays rewards of up to $50,000 for discovering “critical” bugs.
Sony announced the new PlayStation bug bounty program via its official blog on Wednesday. It cites its commitment to “providing gamers all over the world with great experiences.”
Its online gaming and social-focused PlayStation Network (PSN) has been the target of several attacks over the years. The most notable was an attack by a group called Lizard Squad that downed PSN servers for almost 160 million gamers on Christmas Eve in 2014. Microsoft’s Xbox Live also fell victim to the attack.
In an effort to prevent future problems, PlayStation’s bug bounty program is being opened to everyone. Sony notes that it has been running the program privately with a select group of security researchers. Now, anyone with some hacking skills can try their hand at breaching PlayStation’s systems for a payday.
Sony is partnering with the research platform HackerOne to run the program. The latter has set up a site that details the specifics of the bug bounties it is currently offering. Notably, the largest bounties are for the PS4, Sony’s most recent console. It is offering payouts of $50,000 for verifiable reports of a critical bug related to the console. Meanwhile, it will pay $10,000, $2,500, and $500 bounties for bugs of high, medium, and low severity respectively.
It’s somewhat interesting that Sony is investing so much in its bug bounty program for a console that is just months away from getting phased out. The PS5 is expected to launch this holiday season and will largely replace the PS4 in the next few years. Given that Sony isn’t paying bounties for bugs on any of its other consoles, that’s an interesting trend.
Meanwhile, payouts for reports about PSN are worth $3,000 for critical issues, $1,000 for high-severity, $400 for medium-severity, and $100 for low-severity.
Bounties for All
According to HackerOne’s stats, 41 “bug-finders” have taken advantage of the program in the past 90 days. It also notes that 102 reports have been submitted and 88 have been resolved. A whopping $173,900 in bounties has already been paid out.
At this point, it’s unclear what portion of these figures is from the days before the program went public. Either way, it’s clear that there are issues to be found in PlayStation’s architecture. Those hoping for a $50,000 payday have their work cut out for them, though.
HackerOne notes that the average bounty for the program is just $400.
Originally published at https://www.theburnin.com on June 24, 2020.