Sony is inviting one and all to hunt down bugs on its PlayStation platform for some potentially big cash payouts.
The entertainment giant has actually had a bug bounty program in place for some time, but operated it privately with select researchers. This week’s announcement means the program is now open to everyone, including “the security research community, gamers, and anyone else,” Geoff Norton, Sony’s senior director of software engineering, wrote in a blog post about the expansion.
To facilitate the move, Sony has teamed up with HackerOne, a Silicon Valley company that operates such programs.
Sony wants people to test the security of the PlayStation 4 gaming console and the PlayStation Network digital media entertainment service.
The bug bounty program offers different payment bands linked to the severity of the issue and the quality of the report. Payouts start at $100 for a low-rated vulnerability discovered on the PlayStation Network, with the more valuable bands offering minimum payments of $400, $1,000, and $3,000.
Discover a low-rated vulnerability on the PlayStation 4 and you can expect to receive at least $500, with higher payouts worth a minimum of $2,500, $10,000, and, for the most critical vulnerability, upward of $50,000.
Data shared on HackerOne’s website shows that this particular bug bounty program — prior to it going public this week — has so far paid out $173,900 to researchers who have reported vulnerabilities, with the average bounty worth $400. In the last 90 days alone, the program has paid out $61,000.
HackerOne points out that Sony will only award a bounty to the first researcher to report a previously unreported vulnerability.
Sony: Creating a ‘safer place to play’
“We believe that through working with the security research community we can deliver a safer place to play,” Norton wrote in his post. “I’m happy to announce today that we have started a public PlayStation bug bounty program because the security of our products is a fundamental part of creating amazing experiences for our community.”
Bug bounty programs are common among tech firms as they work to shore up their digital defenses. Google revealed earlier this year that in 2019 it paid out a total of $6.5 million to researchers who found critical weaknesses in its software, with the single biggest payment worth a whopping $201,000.
Interested in getting involved? For full details of Sony’s bug bounty program, check out its listing on HackerOne’s website.
