‘A wider variety of vulnerability reports’ are now within scope

Rockstar Games has widened its invite-only bug bounty program to include Red Dead Redemption 2, an action-adventure video game set in the American Wild West.

In a post on HackerOne, its bug bounty partner, the video game giant said: “To date, the private program has been a targeted bounty campaign to root out a very specific type of potential vulnerability in Grand Theft Auto Online.”

Launched in April 2016, the private program now accepts, as of November 5, “a wider variety of vulnerability reports for in-scope vulnerability categories”.

As with Grand Theft Auto V and Grand Theft Auto Online, the extended program applies to Red Dead Redemption 2 and Red Dead Online on PS4, Xbox One, and PC. Bugs discovered in the Red Dead Redemption 2 Companion App and iFruit Mobile App are also within scope.

A $150 minimum bounty for successful finds – excluding in-game bugs and glitches, cheats and mods – will rise in tandem on a progressive scale depending on the “severity and complexity” of discovered vulnerabilities.

Test ban treaty

Researchers will be disqualified from claiming bounties if their “testing negatively affect[s] […] users”. The company also said “bans received while testing for issues will not be reversed.”

Find out more about the program’s limitations, exclusions and other details.

Red Dead Redemption 2, which has sold more than 25 million copies, was released – for the PlayStation 4 and Xbox One in October 2018, for Microsoft Windows in November 2019 – to critical acclaim.

Rockstar Games, which is headquartered in New York, launched a public program for Grand Theft Auto Online through HackerOne in 2017.

The video game publisher said it is also still “offering a $10,000 bounty for any researcher who can successfully identify a reproducible incorrect ban in Grand Theft Auto Online.”

More than a year since the bounty was first announced, Rockstar is “yet to find any evidence” of such “false positives”.


YOU MIGHT ALSO LIKE Esports gaming skills pave the way for cybersecurity careers