- Sony has opened its bug bounty program to the public, offering large payouts.
- The most critical vulnerabilities that are reported by researchers are worth at least $50,000.
- Xbox (Microsoft) and Nintendo have a ceiling of $20,000, so the difference is enormous.

The image of the jaw-dropping design of the upcoming PlayStation 5 may be all that is stuck in gamers’ minds right now, but the previous generation remains the most widely used console in the world. This means that Sony is interested in keeping it secure from hackers and jailbreakers, which is why the firm has launched an open bug bounty program on HackerOne. The scope is pretty wide, including the OS, the console’s accessories, the PS Network, and all of its portals. Other products and generations are out of scope, though.
So, if you can find any vulnerability in the PS4, Sony is prepared to pay you between $500 and $50,000 (depending on the severity). For the PlayStation Network, the bounty payouts range from $100 up to $3,000. As Sony clarifies, these are the minimum bounties that will be given to the reporters, and depending on the finding, the payouts may go much higher. Since the initiation of the program, which was previously closed, 41 hackers have reported 154 vulnerabilities, receiving an average of $400 for their discoveries. Sony has resolved 88 of the reports already.
The company has been working with a closed team of security researchers so far, and so this latest announcement marks the beginning of the public bug bounty program. Expanding the program to a wider research community is a natural development after having plugged the most crucial bugs found by the previous team. This minimizes the risk of having to deal with damaging exposure and facing overwhelming disclosures.
In comparison, the Xbox bug bounty program launched in January 2020 offers a maximum of $20,000 to those reporting remote code execution (RCE) flaws in the console or the Xbox Live network services. Nintendo is also paying up to $20,000, depending on the severity of the reported faults, as well as the quality of the report itself.
There are over a hundred million active PS4 consoles out there, based on the number of monthly active PlayStation Network users. While many of them will hop to the PS5 when it’s out, Sony needs to stay committed to the safety of this humongous customer base. This is not only about securing a sun-setting platform, but also about doing preliminary work for the next one. Some components of the console OS and the PlayStation Network will stay the same or operate similarly in the PS5, so getting to know where things may have gone wrong is never a bad thing.