Most gamers aren't going to take the time to look under the hood of what they play. But for those who do — and for those who like to ferret out security issues — the Xbox Bounty Program promises a minimum of $500 depending on how problematic the vulnerability is deemed.
The Xbox network launched in 2002, Microsoft said, and the decision to launch the new bounty program is tied to finding concerns that "have a direct and demonstrable impact on the security of Xbox customers," said Chloé Brown, program manager of the Microsoft Security Response Center, in a statement.
Microsoft will pay more for better quality reports on the vulnerability
Alerting Microsoft requires more than just an email: it takes a complete submission that includes a problem that hasn't been reported before, plus steps that show how to reproduce the security issue. You can send that either in writing or in video. Note that you also need an Xbox network account.
How much can you earn? Microsoft will pay up to $20,000, and ranges are based not just on the severity of the issue, but on how important the concern is and on the report quality. The higher quality reports will be the ones that make it very (very) simple for an engineer to both repeat the vulnerability and fix the problem. And Microsoft handily includes some examples of what a high-quality report, and also a low-quality report, would look like.
Payouts, again, range: a security feature bypass or spoofing might pay up to $5,000, while a remote code execution could pay the top amount of $20,000.