We may be very late in the PlayStation 4’s lifecycle, but Sony is still rightly concerned about protecting the millions of people who use its consoles to play games and download entertainment via the PlayStation Network. So this week, Sony publicly launched the PlayStation Bug Bounty Program.
Although this bug bounty program is being presented as new by Sony, Geoff Norton, Senior Director Software Engineering, SIE, stated that, “To date, we have been running our bug bounty program privately with some researchers. We recognize the valuable role that the research community plays in enhancing security, so we’re excited to announce our program for the broader community.”
As is typical with bug bounties, Sony is offering cash rewards in exchange for discovering vulnerabilities hackers could take advantage of. Depending on the severity of the vulnerability, the payout can be substantial. Sony has teamed up with HackerOne to offer a number of rewards that reflect the seriousness of the security hole discovered.
Vulnerabilities are classed as Low, Medium, High, and Critical. For the PS4, the reward scales with the classification: Low earns $500, Medium $2,500, High $10,000, and Critical $50,000. Sony will consider reports for both the PS4 hardware and the operating system. For PSN, the rewards are much smaller but still increase with the classification, at $100, $400, $1,000, and $3,000 respectively.
To be eligible for a bounty payout, you obviously need to be the first person reporting a vulnerability, but Sony also needs you to act in good faith. That means responsibly disclosing a security hole through the HackerOne program and then giving Sony reasonable time to fix it. If you’re in line for a reward of up to $50,000, I’m sure it’s easy to stay quiet and give Sony all the time they ask for.