Microsoft introduces Xbox Bounty program with awards up to $20,000

Xbox One S
Xbox One S (Image credit: Daniel Rubino | Windows Central)

What you need to know

  • Microsoft announced the Xbox Bounty program today.
  • The program will pay out between $500 and $20,000 to people who find security vulnerabilities.
  • The program focuses on securing the Xbox network.

Microsoft announced the Xbox Bounty program today. The program aims to find security vulnerabilities within the Xbox network. People can earn rewards between $500 and $20,000 for finding and documenting vulnerabilities. Microsoft outlines the new program in a blog post.

In the program's announcement post, Microsoft "invites gamers, security researchers, and technologists around the world to help identify security vulnerabilities in the Xbox network and services."

The program's page breaks down what constitutes an eligible submission and what rewards people will receive for finding different vulnerabilities. For example, reporting a spoofing attack could lead to a reward of up to $5,000, and reporting a remote code execution exploit could lead to a reward between $10,000 and $20,000.

Microsoft explains that high-quality reports include "information necessary for an engineer to quickly reproduce, understand, and fix the issue." These could include a concise write-up or a video, a description, and attached proof of concept.

Bounty programs like this aren't new for Microsoft. Microsoft had a bug bounty program for vulnerabilities like Meltdown and Spectre in 2018 and has similar programs for other technologies. Bounty programs allow Microsoft to combine its own internal testing with the knowledge and fresh set of eyes that the public provides.

CATEGORIES
Sean Endicott
News Writer and apps editor

Sean Endicott is a tech journalist at Windows Central, specializing in Windows, Microsoft software, AI, and PCs. He's covered major launches, from Windows 10 and 11 to the rise of AI tools like ChatGPT. Sean's journey began with the Lumia 740, leading to strong ties with app developers. Outside writing, he coaches American football, utilizing Microsoft services to manage his team. He studied broadcast journalism at Nottingham Trent University and is active on X @SeanEndicott_ and Threads @sean_endicott_.