Sony has just announced the launch of a public vulnerability reward program for error detection and reporting on PlayStation. For now, this program covers the PlayStation 4 system and the domains associated with PlayStation Network. The program will be powered by the HackerOne vulnerability disclosure platform, and Sony invites researchers and enthusiasts to report any potential issues encountered in their products.
During the launching, Sony specified that reports will only be accepted about the current version of the system or any beta, although they may also accept reports related to previous versions, depending on the error analyzed. The company also reminds researchers that flaws found in any other Sony product must be reported in the overall rewards program.
This program sets reward bikes ranging from $100 USD for reports of common flaws, to $50k USD for critical failure reports; the rating of the reports is to Sony’s consideration. The company also specified that the amounts on its official list may vary: “Our bug bounty program contemplates multiple scenarios, including critical issues in the PS4 system,” said Geoff Norton, PlayStation’s director of software engineering. “Critical vulnerabilities found on the console could receive rewards from $50k USD,” he added.
Norton also said that this bounty program has been active for some time, although previously it could only be participated at Sony’s invitation; however, the company believes it is time to extend this program to the entire cybersecurity community. Those interested in participating can find the full list of bugs that qualify for the program on HackerOne.
Other console developers also have their own rewards program. A few months ago, Microsoft launched a specific bug reporting program on Xbox that offers payments of up to $20k USD for finding flaws on Xbox Live and its related services. Like other similar systems, the evaluation of reports and the severity level of errors are for the company’s consideration.
Nearly four years ago Nintendo also launched its rewards program, which allowed researchers to find and report security bugs for the 3DS family of systems by offering rewards of up to $20k USD, depending on the severity of the failure and the quality of the report.
He is a cyber security and malware researcher. He studied Computer Science at Miami and started working as a cyber security analyst in 2008. He is actively working as an cyber security investigator. He also worked for security companies like Cisco. His everyday job includes researching about new cyber security incidents. Also he has deep level of knowledge in enterprise security implementation.