Sony has launched a bug bounty hunting reward programme in order to continue to find critical faults with the security of its PlayStation 4 console and the PlayStation Network. Participants in the programme who find exploits and loopholes in the console’s security could be rewarded up to $50,000.
This announcement was made by Sony Interactive Entertainment Senior Director of Software Engineering Geoff Norton, who says the company has partnered with a bug bounty platform, HackerOne, for the programme.
“At PlayStation, we are committed to providing gamers all over the world with great experiences. I’m happy to announce today that we have started a public PlayStation Bug Bounty programme because the security of our products is a fundamental part of creating amazing experiences for our community,” reads the statement.
“We have partnered with HackerOne to help run this programme, and we are inviting the security research community, gamers, and anyone else to test the security of PlayStation 4 and PlayStation Network.”
The programme has rewards for various issues, including critical issues on the PS4. Finders of critical vulnerabilities for PS4 can expect to be rewarded via bounties starting at $50,000.
Norton writes that Sony has been runnings its bug bounty programme privately with a group of researchers, and have now “recognised the valuable role that the research community plays in enhancing security”.
The Scope of the Programme
According to HackerOne, bounties are being offered for finding bugs in the PlayStation 4 system, its OS, accessories and the PlayStation Network.
In terms of the network, the domains beneath the scope include:
For the PS4 and its OS and accessories, HackerOne will accept submissions on the current released or beta version of system software. “PlayStation may at its discretion accept submissions on earlier versions of system software on a case by case basis,” the post reads.
No bounties are being offered for findings bugs in consoles or domains that the company considers “out-of-scope” including hardware – PS1 to PS3, including PS Vita and the PSP. No rewards will also be paid for finding any exploits within Sony’s corporate IT infrastructure, or software published by third parties, amongst others.
Sony and HackerOne encourage participants and hopeful participants to disclose bugs responsibly. To return issues promptly and with sufficient detail for Sony to test the validity of the report and without coercion, dishonesty and fraudulent intent.
Interested participants can send their bug reports to Sony on the HackerOne PlayStation 4 Bug Bounty Programme Page.