
Xbox Bounty Program Rewards up to $20,000 to Identify Security Weaknesses

This article is over 4 years old and may contain outdated information

Microsoft has this week announced a bounty program with rewards up to $20,000 for high-quality reports that demonstrate security weaknesses in its Xbox Live Network.


The program is open to anybody who has the skills and ability to demonstrate bugs; rewards scale depending on the quality of the report and the type of security weakness identified. The figures range from $500 to $20,000 depending on the “vulnerability impact,” with Remote Execution listed as the most threatening and, therefore, the highest-paying type of vulnerability.

Microsoft outlines the purpose of the initiative over on its website:

“The goal of the bug bounty program is to uncover significant vulnerabilities that have a direct and demonstrable impact on the security of Microsoft’s customers.”

Full details of how to get started and a table highlighting the different reward tiers can be viewed over on the website.

Notably, there are several types of security threats that Microsoft is not interested in hearing about and does not consider eligible for rewards. These include:

  • Server-side information disclosure such as IPs, server names and most stack traces
  • Low impact CSRF bugs (such as logoff)
  • Denial of Service issues
  • Sub-Domain Takeovers
  • Cookie replay vulnerabilities
  • URL Redirects (unless combined with another vulnerability to produce a more severe vulnerability)

As noted by The Verge, Microsoft has run bug-bounty-style programs in the past for its Windows 10 software, in that case offering a whopping $250,000 at its highest report tier.

In related news, Microsoft’s recent quarterly financial report revealed a drop in gaming revenue of 21% among other key takeaways.


Author
Alex Gibson
Alex was a Senior Editor at Twinfinite and worked on the site between January 2017 and March 2023. He covered the ins and outs of Valorant extensively, and frequently provided expert insight into the esports scene and wider video games industry. He was a self-proclaimed history & meteorological expert, and knew about games too. Playing Games Since: 1991, Favorite Genres: RPG, Action