Sony have recently launched their bug bounty program for PlayStation. Security researchers and bug bounty hunters can now report any bugs affecting PlayStation-related devices expecting great rewards.
PlayStation Bug Bounty Program
Reportedly, Sony has recently introduced a dedicated bug bounty program covering PlayStation related devices.
The program launched on HackerOne – the popular bug bounty platform – will cover vulnerabilities affecting PlayStation 4 console, operating system, and related accessories, as well as the PlayStation Network.
However, any bugs in PlayStation 1, 2, and 3 are out of the scope of this program.
Regarding the scope, Sony has listed the following domains included in this program.
- *.playstation.net
- *.api.playstation.com
- *.sonyentertainmentnetwork.com
- playstation.com
- playstation.com
- api.playstation.com
- playstation.com
- playstation.com
Sony Sets Rewards Up To $50K
Sony has explicitly stated that they will reward bug bounty to the researcher who first reports a previously unreported flaw.Whereas, regarding the bounty, Sony has set up two tiers of rewards separately covering the vulnerabilities in PlayStation 4 and PlayStation Network.
For PlayStation 4, the rewards start from $100 for low severity bugs to $400, $1000, and $5000 for medium, high, and critical severity bugs, respectively.
Whereas, for PlayStation Network, they have set up relatively higher bounties. Specifically, these include $500, $2500, $10,000, and $50,000 for low, medium, high, and critical vulnerabilities, respectively.
Though, they have explicitly listed the following vulnerabilities as out-of-scope of this bounty program.
- Physical attacks involving the vendor's infrastructure and offices
- Social engineering attacks
- Scanner output or scanner-generated reports, including any automated or active exploit tool
- Bugs arising or linked with the compromise of employee accounts
- Network Vulnerabilities, such as account takeovers, clickjacking, spam, login/logout CSRF, fingerprinting, lack of security headers, and protocol level attacks.
Earlier this year, Microsoft also announced a bug bounty program for Xbox offering up to $20,000 as a reward.
Posted from my blog with SteemPress : https://latesthackingnews.com/2020/06/27/sony-announce-bug-bounty-program-for-playstation/