Offering a $50k minimum for critical PS4 flaws, Sony flashes more cash than rivals Nintendo and Microsoft

PlayStation, white PS5 logo, black background

Sony has launched a public bug bounty program for its PS4 console and PlayStation Network on the HackerOne platform.

Successful reports of critical vulnerabilities in the PS4 hardware and operating system will net security researchers bounties of at least $50,000.

This eclipses the $20,000 ceiling for critical flaws submitted to the vulnerability disclosure programs of Sony’s two biggest rivals in the gaming console market, Nintendo and Microsoft.

In-scope assets include the PS4 system, accessories, and current release or beta version of the system software, plus eight PlayStation Network domains.

PlayStation’s public program replaces an invite-only program that it launched last year.

Bumper bounties

Sony has paid out bounties totalling around $174,000 since launching this earlier private program, with $40,000 the biggest bounty so far, according to PlayStation’s bug bounty page on HackerOne.

Bug hunters who discover security minor flaws in the PlayStation Network, its digital media platform, could earn rewards ranging between $100 and $3,000.

PS4 security bugs could net them between $500 and $50,000, and potentially beyond.

The news was announced in a post published on the Playstation blog on Wednesday (June 24) by Geoff Norton, senior director software engineering at PlayStation.

“We are inviting the security research community, gamers, and anyone else to test the security of PlayStation 4 and PlayStation Network,” said Norton.

“We recognize the valuable role that the research community plays in enhancing security, so we’re excited to announce our program for the broader community.”

RELATED Level up: How an increase in bug bounty programs is protecting online gamers

Cloud-based risks

Growing numbers of video other game developers are launching bug bounty programs, including Rockstar Games, InnoGames, and Riot Games.

The shift to a cloud-based model has opened up the industry to new security threats, including credential stuffing attacks and the use of stolen credentials to purchase, and later sell on, in-game currency and other items.

A US-based individual is currently awaiting sentencing in relation to the theft of thousands of confidential Nintendo files following a phishing attack, while in April there were fears that malicious hackers could exploit the leak of source code for Team Fortress 2 and Counter-Strike: Global Offensive.

Steve Ragan, a security researcher at Akamai, recently told The Daily Swig that “the social element” represented a “major attack surface” in the interactive modern gaming arena.

However, he noted that social engineering attacks were excluded from Microsoft’s program, something that is also the case for its PlayStation counterpart.

Sony is set to launch the next model in its PlayStation console series, the PS5, later this year.

YOU MIGHT ALSO LIKE Cheats, hacks, and cyber-attacks: Esports cybercrime poised to soar