PlayStation announces bug bounty program

PlayStation has announced the launch of its public bug bounty program aimed at finding vulnerabilities on both the PlayStation 4 and PlayStation Network.

In a blog post, senior director of software engineering at SIE, Geoff Norton explained why the company has now decided to open its bug bounty program up to the public, saying:

“To date, we have been running our bug bounty program privately with some researchers. We recognize the valuable role that the research community plays in enhancing security, so we’re excited to announce our program for the broader community.”

Unlike Microsoft which launched its Xbox bounty program on its own earlier this year, PlayStation is partnering with the bug bounty platform HackerOne which will pay out bounties to security researchers who discover in scope vulnerabilities.

PlayStation Bug Bounty program

PlayStation will pay security researchers to find low, medium, high and critical vulnerabilities on the PlayStation 4 and PlayStation Network.

According to the program’s HackerOne page, finding vulnerabilities in the PlayStation Network will net researchers anywhere from $100 for low severity vulnerabilities and all the way up to $3,000 for critical vulnerabilities. PlayStation 4 vulnerabilities though could be much more profitable for researchers as the company will pay $500 for low severity vulnerabilities and all the way up to $50,000 for critical vulnerabilities.

Sony’s past consoles including the PlayStation 1, PlayStation 2, PlayStation 3, PS Vita and PSP are out of the program’s scope and any vulnerabilities discovered in them will not lead to a bug bounty reward.

PlayStation’s bug bounty program will not only benefit security researchers but also gamers, as the security of the company’s products is a “fundamental part of creating amazing experiences” for its community.

Source Article