Sony Will Now Pay Researchers $50,000+ For Critical PS4 Bugs
Sony announced that it’s opening its bug bounty program to the public, and will pay for newly discovered bugs and exploits that impact either the PlayStation 4 or their online PlayStation Network.
“We believe that through working with the security research community we can deliver a safer place to play. We have partnered with HackerOne to help run this program, and we are inviting the security research community, gamers, and anyone else to test the security of PlayStation 4 and PlayStation Network. Our bug bounty program has rewards for various issues, including critical issues on PS4. Critical vulnerabilities for PS4 have bounties starting at $50,000.” Geoff Norton Senior Director Software Engineering, SIE, wrote in a blog post.
According to the company’s new PlayStation bug bounty program (aka Vulnerability Disclosure Program) hosted on HackerOne, Sony wants the research community to report any issues found in the PlayStation 4 system, operating system, accessories, and the PlayStation Network.
Sony explains that only “submissions on the current released or beta version of system software” will be accepted but it may also “accept submissions on earlier versions of system software on a case by case basis.”
Bugs found in the PlayStation Network will have base bounties of $100-$3,000 or more (depending on severity), while critical bugs found related to the PS4 itself will pay $50,000 or more. You can see Sony’s breakdown, including what’s in/out of the program’s scope, right here.
In a blog post announcing the bug bounty program, Sony notes that they’ve actually been running this program quietly with a handful of researchers for a while now — today, though, they’re opening it up to anyone with the skill and interest. The program’s HackerOne page says Sony has already paid out over $170,000 to researchers, with an average bounty of around $400.