Microsoft recently announced an official bug bounty programme to help identify and patch security loopholes on its Xbox Live network and services. The software giant says it will pay bug hunters up to $20,000 (Indian equivalent of Rs 14,27,210), depending on how severe the exploit is and how comprehensively the report is filed.
As with any bug bounty programme, payouts depend on the severity of the threat, starting from $500 (around Rs 35,700). With the new programme, Microsoft is hoping to identify serious/specific security flaws in its Xbox Live series and network. The company said anyone can submit vulnerabilities to the new bug bounty, regardless of their profession.
According to a Microsoft blog post, spoofing attacks can earn bug hunters up to $5,000, while remote code execution exploits pay the most, from $10,000 to $20,000. Your submission must include a clear and concise proof of concept. Additionally, submissions should only include previously unreported vulnerabilities.
Microsoft has also ruled certain types of security vulnerabilities 'out-of-scope', including DDoS attacks, anything related to phishing Xbox users, and URL redirects.
Xbox Live is just one of many bug bounty programmes Microsoft is running for its products and services. While some rewards are capped at $15,000, the biggest bounties are offered for its cloud computing service. Bug hunters can net up to $300,000 for the most severe vulnerabilities found in Azure.
In the past, Microsoft has paid bug hunters for reporting vulnerabilities in products such as the Microsoft Office suite, Windows operating system, the IE and Edge web browsers, the Hyper-V hypervisor technology, cloud services, and the ElectionGuard open-source voting software.