Microsoft introduces Xbox Bounty program with awards up to $20,000

Xbox One S (Image credit: Daniel Rubino | Windows Central)

What you need to know

  • Microsoft announced the Xbox Bounty program today.
  • The program will pay out between $500 and $20,000 to people who find security vulnerabilities.
  • The program focuses on securing the Xbox network.

Microsoft announced the Xbox Bounty program today. The program aims to find security vulnerabilities within the Xbox network. People can earn rewards between $500 and $20,000 for finding and documenting vulnerabilities. Microsoft outlines the new program in a blog post.

In the program's announcement post, Microsoft "invites gamers, security researchers, and technologists around the world to help identify security vulnerabilities in the Xbox network and services."

The program's page breaks down what constitutes an eligible submission and what rewards people will receive for finding different vulnerabilities. For example, reporting a spoofing attack could lead to a reward of up to $5,000, and reporting a remote code execution exploit could lead to a reward between $10,000 and $20,000.

Microsoft explains that high-quality reports include "information necessary for an engineer to quickly reproduce, understand, and fix the issue." These could include a concise write-up or a video, a description, and an attached proof of concept.

Bounty programs like this aren't new for Microsoft. Microsoft had a bug bounty program for vulnerabilities like Meltdown and Spectre in 2018 and has similar programs for other technologies. Bounty programs allow Microsoft to combine its own internal testing with the knowledge and fresh set of eyes that the public provides.

Sean Endicott
News Writer and apps editor

Sean Endicott brings nearly a decade of experience covering Microsoft and Windows news to Windows Central. He joined our team in 2017 as an app reviewer and now heads up our day-to-day news coverage. If you have a news tip or an app to review, hit him up at sean.endicott@futurenet.com.

2 Comments
  • Must be from all that extra profit they got by replacing a Q&A department with an Insider program.
  • This is actually a cheap way to get loads of people to test their security system and find any vulnerabilities.
    And they only pay for those who get some results.
    The people need to work on the problem, find something and even need to write a quality report...