Sony is inviting one and all to hunt down bugs on its PlayStation platform for cash payments of up to $50,000.
The entertainment giant has actually had a bug bounty program in place for some time, but operated it privately with select researchers. This week’s announcement means the program is now open to everyone, including “the security research community, gamers, and anyone else,” Geoff Norton, Sony’s senior director of software engineering, wrote in a blog post about the expansion.
To facilitate the move, Sony has teamed up with HackerOne, a Silicon Valley company that operates such programs.
Sony wants people to test the security of the PlayStation 4 gaming console and the PlayStation Network digital media entertainment service. The bug bounty program offers various cash rewards according to the severity of the issue and the quality of the report. Payouts start at $100 for a low-rated vulnerability discovered on the PlayStation Network, with more valuable payouts worth $400, $1,000, and $3,000.
Discover a low-rated vulnerability on the PlayStation 4 and you can expect to receive $500, with higher payouts worth $2,500, $10,000, and, for the most critical vulnerability, $50,000.
Data shared on HackerOne’s website shows that this particular bug bounty program — prior to it going public this week — has so far paid out $173,900 to researchers who have reported vulnerabilities, with the average bounty worth $400. In the last 90 days alone, the program has paid out $61,000.
HackerOne points out that Sony will only award a bounty to the first researcher to report a previously unreported vulnerability.
Sony: Creating a “safer place to play”
“We believe that through working with the security research community we can deliver a safer place to play,” Norton wrote in his post. “I’m happy to announce today that we have started a public PlayStation bug bounty program because the security of our products is a fundamental part of creating amazing experiences for our community.”
Bug bounty programs are common among tech firms as they work to shore up their digital defenses. Google revealed earlier this year that in 2019 it paid out a total of $6.5 million to researchers who found critical weaknesses in its software, with the single biggest payment worth a whopping $201,000.
Interested in getting involved? For full details of Sony’s bug bounty program, check out its listing on HackerOne’s website.