Sony has made its bug bounty programme for the PlayStation 4 console and the PlayStation Network public. It is a reward system for researchers or whoever finds a bug in Sony’s PlayStation related devices and reports it to the company, so it can patch it before the same is exploited. As per the company’s blog post, the bug bounty programme or vulnerability rewards programme was initially closed to researchers only, but has now been opened to the public. It is being managed through Hackerone, which is known for hosting such programmes for other large companies. With this, Sony joins Nintendo and Microsoft, both of which previously started their own bug bounty programme.
Sony made the announcement on its blog stating, “We believe that through working with the security research community we can deliver a safer place to play. We have partnered with HackerOne to help run this program, and we are inviting the security research community, gamers, and anyone else to test the security of PlayStation 4 and PlayStation Network”.
As per the details mentioned on Hackerone, Sony is offering multiple reward denominations depending on the bug. In case of PlayStation Network, low-risk bugs come with a $100 (roughly Rs. 7,600) reward, medium-risk bugs have a $400 (roughly Rs. 30,300) reward, high-risk bugs have $1,000 (roughly Rs. 75,600) reward, and critical bugs have a $3,000 (roughly Rs. 2.26 lakh) reward. In case of PlayStation 4, low-risk bugs get a $500 (roughly Rs. 37,800) reward, medium-risk bugs get $2,500 (roughly Rs. 1.8 lakh), high-risk bugs get $10,000 (roughly Rs. 7.6 lakh), and reports for critical bugs get a whopping $50,000 (roughly Rs. 37.8 lakh). Sony is offering the highest maximum reward compared to Microsoft and Nintendo, both of which offer a maximum of $20,000 (roughly Rs. 15.1 lakh).
The bugs can be related to the PlayStation operating system and its accessories as well. The operating system includes the currently released or beta version of system software.
Sony does state that PlayStation at its sole discretion will determine whether or not a bounty should be rewarded. And, the reported bug or vulnerability should be new and not previously reported. “Reward amounts will differ based on vulnerability severity, as well as the quality of the report. Sony will only award a bounty to the first researcher to have reported a previously unreported, vulnerability”, the Hackerone page states.
To recall, Microsoft started its bug bounty programme in late January this year. Its rewards start at $500 for low-risk bug discovery and go up to $20,000 for critical bugs.