Sony launch PlayStation Bug Bounty to improve system security

With ever-increasing threats to our security and privacy in the digital age, Sony have taken a proactive step to help make PlayStation consoles more secure. The PlayStation Bug Bounty program will offer a reward to security researchers, gamers and anyone else who is able to find a critical vulnerability on the PlayStation 4 or through PlayStation Network.

The program is being run in partnership with HackerOne, with rewards scaling according to the severity of the vulnerability found and whether it affects PlayStation 4 or PlayStation Network. This ranges from $100 for a low-end threat on PSN, up to $50,000 for a critical vulnerability on PlayStation 4.

Sony and HackerOne outline the kinds of vulnerabilities that will be included and the scope of the program here.

Sony have previously run a bug bounty program privately with security researchers, but join Microsoft in making their console program public-facing. Microsoft obviously have a much broader set of systems, software and infrastructure to be concerned about, with the Xbox bounty rewards ranging from $500 to $20,000. You can find details of Microsoft’s bounty program here.

Bug bounty programs are fairly common throughout the tech industry, with the increasingly complex nature of consumer devices and network infrastructure making the likelihood of security flaws existing exponentially higher. Combine that with our ever-expanding digital footprints, and any security flaw can theoretically lead to confidential and private data or financial details being put in the hands of those up to no good. Sony have been on the wrong end of this in the past, with the 2011 PlayStation Network hack exposing the details of 77 million PlayStation users. The hope is that bug bounty systems can close off those vulnerabilities before they’re widely exploited, while also creating a legitimate avenue for hackers to take with their discoveries.

Now is exactly the right time for Sony to take their bug bounty program public, allowing it to bed in over the next few months in the run-up to the PlayStation 5’s launch. That’s when the real work will begin, with Sony creating an extensive overhaul of the PS5’s system UI and functionality, which could easily leave some security holes in the system.

Source: HackerOne
