Sony will now pay $50,000-plus bounties for critical PS4 vulnerabilities
Eager to make sure the PS4 and PlayStation Network are secure before the launch of the PS5 later this year, Sony has announced a public bounty programme. In a blog post, Sony Interactive Entertainment’s senior director for software engineering, Geoff Norton, said it was partnering with the group HackerOne to run the programme.
The lowest bounty available is $100 for someone who can find a low-severity vulnerability in the wider PlayStation Network, but bounties there can reach as high as $3,000-plus for critical vulnerabilities. However, the largest potential sums of money come with bug detection in the PS4 console.
While bounties start from $500 for low-severity vulnerabilities, Sony said it will pay out more than $50,000 to anyone who can spot critical vulnerabilities. HackerOne – a group that hosts bug bounty programmes for various companies – said the reward amount will depend on the severity of the flaw as well as the quality of the researcher's report. It also stated that it will not be paying out for any bug discoveries in its older hardware, including the PSP and PS Vita.
Until now, Sony’s bug bounty programme has been held privately among researchers, and Sony is the last of the big names in gaming consoles to launch a public effort. So far, Sony has paid out just under $174,000 in bounties, with the average pay-out being $400 and the top so far being $40,000.
Last January, Xbox announced it was offering rewards of between $500 and $20,000 for anyone who can find critical flaws in its Xbox Live network or consoles.
The $20,000 bounty would be issued if someone could find a critical vulnerability that could lead to remote code execution. Meanwhile, Nintendo was the first to offer a bug bounty programme, back as far as 2016, also run by HackerOne.
Nintendo also said it would offer $20,000 to anyone who could find a critical vulnerability.