Sony has launched a bug bounty program to reward people who discover and report security vulnerabilities affecting PlayStation 4 and PlayStation Network.
The Japanese tech giant has partnered with the bug rewards platform HackerOne to administer the program and offers cash rewards at different levels, with the highest ones, for “critical” bugs on PS4, starting at $ 50,000.
The news was confirmed by Geoff Norton of Sony, who wrote in a blog post: “At PlayStation, we are committed to providing gamers around the world with great experiences.
“I am pleased to announce today that we have started a public PlayStation bug bounty program because the safety of our products is a critical part of creating amazing experiences for our community,” added Norton. “We believe that by working with the community security investigation we can offer a safer place to play.”
Norton said the program was open to the “security research community, gamers and anyone else to test the security of the PlayStation 4 and PlayStation Network.”
According to Sony, the scheme focuses primarily on vulnerabilities that affect the PlayStation 4 hardware, operating system, accessories and PlayStation 4 network.
“For the PlayStation 4 system, accessories and operating system, we will accept submissions in the current or beta version of the system software,” Sony explained on its HackerOne page.
When it comes to PlayStation Network, Sony is particularly interested in reports of security issues related to the following domains:
- * .playstation.net
- * .sonyentertainmentnetwork.com
- * .api.playstation.com
- my.playstation.com
- store.playstation.com
- social.playstation.com
- transact.playstation.com
- wallets.api.playstation.com
Different rewards
Although the show is geared towards PlayStation 4 glitches, Sony will also consider reports out of reach.
It said: “PlayStation may, at its discretion, accept submissions in earlier versions of the system software on a case-by-case basis.”
For rewards, Sony said the amounts “will differ based on the severity of vulnerability” and the “quality of the report.” It will only consider a “previously unreported” vulnerability.
The rewards amounts have been categorized by critical vulnerabilities, high, medium, and low, and researchers can claim rewards from $ 3,000 for critical PlayStation Network vulnerabilities and as low as $ 50,000 for critical PlayStation 4 vulnerabilities.
To alert Sony to a PS4 security vulnerability and to be considered for a cash reward, investigators are asked to create an account on HackerOne and report via the platform.
In April 2011, the PlayStation Network was hacked by yet unknown intruders, who achieved account records for 77 million users. Sony shut down the network for more than three weeks while cleaning things up.
