Microsoft Xbox has announced a new bug bounty program in an attempt to use the public's help to identify critical bugs in the Xbox software ecosystem. The bounties will be decided according to the severity of the bug, its security impact and the quality of the report submitted by the researcher (bounty hunter). Many companies have announced bug bounty programs in the past as a way of finding critical problems in their software systems. In this program, there are multiple tiers of security impact, from Remote Code Execution to Tampering. For each security impact, the bounty reward is determined by its severity, ranging from critical to low, and by three levels of report quality. To qualify as an eligible submission, a researcher must identify a previously unreported vulnerability that can be reproduced in the latest, fully patched version of the Xbox Live network and services at the time of submission. The report must also include clear, concise, and reproducible steps, either in writing or in video format. Some examples offered by Microsoft for vulnerabilities include cross-site scripting (XSS), cross-site request forgery (CSRF), insecure direct object references, insecure deserialization, etc. Those interested in providing submissions may do so using the MSRC Submission portal, following the recommend ...