In collaboration with the HackerOne online security platform, Sony introduced its bug bounty program that encourages users to detect bugs and security holes in the PlayStation 4 and PlayStation Network. Those who report the most serious vulnerabilities can receive $50,000 or more. Want to know more details? Read on to discover how the PlayStation Bug Bounty program works.
What Is the Bug Bounty Program?
The PlayStation bug reward program had been running privately for some cybersecurity researchers. However, the company decided to open it up to the general public in order to strengthen the security of its products with the help of the community, and thus "provide a better gaming experience", said Sony Interactive Entertainment's (SIE) Senior Director of Software Engineering, Geoff Norton, on the corporate blog.
Who Can Participate?
Currently, the Bug Bounty program is aimed at the gaming community, researchers and anyone who wants to test the PlayStation 4 and PlayStation Network security system. This excludes SIE employees, contractors, service providers and their families.
Products and Services Covered by the Program
While the PS5 is expected to be released before the end of the year, the PS4 still has several years of useful life. In the meantime, Sony is interested in bug and vulnerability reports about the following systems:
1. The PlayStation 4 console, operating system and hardware (either the current or beta version of the software). On a case-by-case basis, PlayStation may consider accepting reports on previous versions.
2. The following domains of the PlayStation Network platform:
Note: Vulnerabilities found in PlayStation 1, PlayStation 2, PlayStation 3, PS Vita, PSP, other accessories, domains or third party software will not be considered.
Find out more about PlayStation's 'Bug Bounty Program' policy here.
Where Are Vulnerabilities Reported?
If you find a vulnerability, you can report it through the HackerOne platform. You will first need to create an account and log in. Then go to the program's website and click on Submit report.
Remember to provide enough details for HackerOne to check the validity of the vulnerability. The platform may ask you for additional information.
Important: As part of the Bug Bounty program, PlayStation relies on the good faith of researchers, users and hackers and therefore requests that they do not access, use or transfer any information they may find. For more information on responsible vulnerability disclosure, click here.
What Are the Rewards?
PlayStation assesses the severity of the reported vulnerability and the quality of the report to determine if there is a reward. However, through the platform, you can see that over $175,000 has already been paid out in total. It is worth mentioning that Sony only awards money to the first person who reports a security breach that has never been reported before.
The rewards vary depending on the severity of the reported vulnerability, which is classified into 4 categories: critical, high, medium and low. The following amounts of money correspond to the minimum amount awarded per category:
For PlayStation 4
- Critical level: $50,000
- High level: $10,000
- Medium level: $2,500
- Low level: $500
For PlayStation Network
- Critical level: $3,000
- High level: $1,000
- Medium level: $400
- Low level: $100
As part of the partnership between PlayStation and HackerOne, payments are made by the bug bounty platform.