
Microsoft offers up to $20,000 to identify security vulnerabilities in Xbox Live

When it comes to securing complex products, companies are increasingly turning to bug bounty programs to invite members of the public to find security vulnerabilities. Google’s bug bounty program handed out $6.5 million last year, and Apple recently expanded its program to cover macOS bugs as well as iOS bugs.

Now Microsoft is expanding its own bug bounty program from covering software like its Office suite and its Edge browser to also covering the Xbox Live network and services. The company will pay out rewards to anyone who can find and reproduce a security vulnerability in the Xbox Live system.

As announced in a Microsoft Security Response Center blog post, “The Xbox bounty program invites gamers, security researchers, and technologists around the world to help identify security vulnerabilities in the Xbox network and services, and share them with the Microsoft Xbox team through Coordinated Vulnerability Disclosure (CVD). Eligible submissions with a clear and concise proof of concept (POC) are eligible for awards up to US$20,000.”

CVD is a policy in which researchers agree to disclose any vulnerabilities they find to the creators of the software (in this case, Microsoft) and allow the creators to manage further disclosure. Essentially, participants in the bug bounty program agree that they will turn over information about vulnerabilities to Microsoft and let Microsoft handle the closing of security loopholes and announcements to the public.

To register for the program, users must have an Xbox network account, and Microsoft recommends that they have access to an Xbox with an Xbox Game Pass or Xbox Gold as well. Once a user has identified a security vulnerability that can be reproduced in the latest, patched version of Xbox Live, they must report it in either written or video format.

Bounties range from $1,000 for a low-quality report of a vulnerability that allows tampering all the way up to $20,000 for a high-quality report of a critical vulnerability that enables remote code execution.

Denial of Service attacks are not part of the program and are prohibited, as are automated attacks that generate significant traffic. Social engineering attacks such as phishing are also not allowed.

More details about the bug bounty program are available on the Microsoft website.

Georgina Torbet