Skip to main content

Microsoft introduces Xbox Bounty program with awards up to $20,000

Xbox One S
Xbox One S (Image credit: Daniel Rubino | Windows Central)

What you need to know

  • Microsoft announced the Xbox Bounty program today.
  • The program will pay out between $500 and $20,000 to people who find security vulnerabilities.
  • The program focuses on securing the Xbox network.

Microsoft announced the Xbox Bounty program today. The program aims to find security vulnerabilities within the Xbox network. People can earn rewards between $500 and $20,000 for finding and documenting vulnerabilities. Microsoft outlines the new program in a blog post (opens in new tab).

In the program's announcement post, Microsoft "invites gamers, security researchers, and technologists around the world to help identify security vulnerabilities in the Xbox network and services."

The program's page (opens in new tab) breaks down what constitutes an eligible submission and what rewards people will receive for finding different vulnerabilities. For example, reporting a spoofing attack could lead to a reward of up to $5,000, and reporting a remote code execution exploit could lead to a reward between $10,000 and $20,000.

Microsoft explains that high-quality reports include "information necessary for an engineer to quickly reproduce, understand, and fix the issue." These could include a concise write-up or a video, a description, and attached proof of concept.

Bounty programs like this aren't new for Microsoft. Microsoft had a bug bounty program for vulnerabilities like Meltdown and Spectre in 2018 and has similar programs for other technologies. Bounty programs allow Microsoft to combine its own internal testing with the knowledge and fresh set of eyes that the public provides.

Sean Endicott is the news writer for Windows Central. If it runs Windows, is made by Microsoft, or has anything to do with either, he's on it. Sean's been with Windows Central since 2017 and is also our resident app expert. If you have a news tip or an app to review, hit him up at sean.endicott@futurenet.com.

2 Comments
  • Must be from all that extra profit they got by replacing a Q&A department with an Insider program.
  • This is actually a cheap way to get loads of people to test their security system and find any vulnerabilities.
    And they only pay for those who get some results.
    The people need to work on the problem find something and even need to write a quality report...