Sony has launched a PlayStation 4 bug bounty programme which could see participants being paid R870,000 or more for finding critical bugs on its PlayStation 4 console.
In a blog post on Thursday, Sony Interactive Entertainment Senior Director of Software Engineering Geoff Norton said the company has partnered with bug bounty platform HackerOne for the program.
He invited the security research community, gamers, and any other interested parties to test the security of the console and the PlayStation Network.
“We believe that through working with the security research community we can deliver a safer place to play,” Sony stated.
For PlayStation 4 reports, rewards will range from $500 (R8,707) for low-priority issues to $50,000 (R872,035) or more for critical problems, based on the severity of the identified vulnerability and the quality of the report.
For the PlayStation Network, rewards start at $100 (R1,740) and peak at $3,000 (R52,250).
“PlayStation will determine, in its sole discretion, whether a bounty will be awarded,” HackerOne stated.
It added that Sony will only award a bounty to the first researcher to have reported a previously-unreported vulnerability.
The program’s scope covers reports on the PlayStation 4 system, operating system, accessories, and the PlayStation Network (PSN).
For PlayStation Network, the following domains apply:
The program will accept submissions on the current released or beta version of system software but added PlayStation may at its discretion accept submissions on earlier versions of system software on a case-by-case basis.
No rewards will be paid for bugs on previous consoles, domains, Sony’s corporate IT infrastructure, open-source software vulnerabilities which have been public for less than seven days or software published by third parties.
Sony encouraged participants to disclose bugs responsibly, by reporting issues promptly, with sufficient detail to determine the validity of the vulnerability, and without coercion, dishonesty, or fraudulent intent.
How to report
Interested parties can submit their reports on the HackerOne PlayStation 4 Bug Bounty Program page.
The table below outlines the estimated rewards for each level of vulnerability on the PlayStation 4 and PlayStation Network.