
Microsoft offers up to $20,000 to identify security vulnerabilities in Xbox Live

When it comes to securing complex products, companies are increasingly turning to bug bounty programs to invite members of the public to find security vulnerabilities. Google’s bug bounty program handed out $6.5 million last year, and Apple recently expanded its program to cover macOS bugs as well as iOS bugs.

Now Microsoft is expanding its own bug bounty program from covering software like its Office suite and its Edge browser to also covering the Xbox Live network and services. The company will pay out rewards to anyone who can find and reproduce a security vulnerability in the Xbox Live system.

As announced in a Microsoft Security Response Center blog post, “The Xbox bounty program invites gamers, security researchers, and technologists around the world to help identify security vulnerabilities in the Xbox network and services, and share them with the Microsoft Xbox team through Coordinated Vulnerability Disclosure (CVD). Eligible submissions with a clear and concise proof of concept (POC) are eligible for awards up to US$20,000.”

CVD is a policy in which researchers agree to disclose any vulnerabilities they find to the creators of the software (in this case, Microsoft) and allow the creators to manage further disclosure. Essentially, participants in the bug bounty program agree that they will turn over information about vulnerabilities to Microsoft and let Microsoft handle the closing of security loopholes and announcements to the public.

To register for the program, users must have an Xbox network account, and Microsoft recommends that they have access to an Xbox with an Xbox Game Pass or Xbox Gold as well. Once a user has identified a security vulnerability that can be reproduced in the latest, patched version of Xbox Live, they must report it in either written or video format.

Bounties range from $1,000 for a low-quality report of a vulnerability that allows tampering all the way up to $20,000 for a high-quality report of a critical vulnerability that enables remote code execution.

Denial of Service attacks are not part of the program and are prohibited, as are automated attacks that generate significant traffic. Social engineering attacks such as phishing are also not allowed.

More details about the bug bounty program are available on the Microsoft website.

Georgina Torbet
Georgina is the Digital Trends space writer, covering human space exploration, planetary science, and cosmology. She…