Still not enough for a Bug-atti.
If you’re sitting at home twiddling your thumbs and basking in the whir of your PlayStation 4 fans, why not try rooting around for some bugs – as finding a critical vulnerability could now land you $50k.
As announced via the PlayStation blog, the new “Bug Bounty Program” is being run in collaboration with HackerOne, the security company also working with Riot on a bug-hunting program for Valorant. The rewards for spotting an exploit reach up to $100k for kernel driver exploits on that one, mind you.
HackerOne lists the potential rewards for finding different PlayStation bugs on its website, with the very lowest reward (for low-level threats to PlayStation Network) earning bug-hunters $100 (£80.60), while finding critical vulnerabilities could earn you $50k (£40.2k). Sony’s own blog post states that $50k is the starting point, however, so it’s possible you could earn more for finding something really bad.
“To date, we have been running our bug bounty program privately with some researchers”, Sony said in the post. “We recognise the valuable role that the research community plays in enhancing security, so we’re excited to announce our program for the broader community.”
Bug bounty programs are frequently used by tech companies to ferret out exploits, and have been used by giants such as Microsoft, Google and Facebook. Opening up the search to security researchers means vulnerabilities missed during the development process have a chance of being picked up. It also provides a route for hackers to earn money with a “good faith” disclosure rather than holding the company to ransom. Although, from the perspective of security researchers, it’s possible to spend hours searching for vulnerabilities without results, or end up not getting paid for your work. At least PlayStation is offering more than a t-shirt.