Microsoft Launches Bug Bounty Program for Xbox Live

Credit: Joshua Oluwagbemiga

Bust bugs, get paid.

If you’re the kind of person who is really good at breaking software in really specific ways, then we’ve got an intriguing money-making opportunity for you. Microsoft is launching a bounty program to encourage enterprising Xbox One owners to track down and blow the whistle on bugs and errors within Xbox Live. Here’s the part you care about: the bounty payouts for any discovered bugs range from $500 to a respectable $20,000, depending on their severity.

So what is Microsoft actually looking for here? The biggest, juiciest payouts are reserved for anyone who can track down critical remote code execution or elevation of privilege flaws. Basically, bugs that would let an attacker run code remotely or gain privileges they shouldn’t have. If you’re looking for more reasonable targets, there are also bounties for security bypasses, information disclosure, spoofing, and general tampering. These bugs could net you up to a cool $5,000.

Anyone is welcome to take a swing at these bounties, but Microsoft won’t just take your word for it. You’ll need to provide a detailed write-up on any bugs you uncover, including a proof-of-concept. A video report is also acceptable. Microsoft has also stressed that they don’t want anyone to get carried away with this; they’re not looking for DDoS testing or social engineering attacks.

If you’re looking to submit a bug report, follow Microsoft’s instructions here. Microsoft likely wants to iron out as many Xbox Live bugs as possible before they launch the Series X and Project xCloud, and they’re willing to accept whatever help they can get to do it.