Sony launches PlayStation bug bounty program with rewards of up to $50,000

Sony has launched a bug bounty program for the PlayStation 4 and the PlayStation Network through HackerOne. Finding a hardware vulnerability can yield up to $50,000. For PSN, that is a maximum of 3000 dollars.

Sony was already present at HackerOne and researchers were already able to report vulnerabilities in the company’s hardware and software, but now a specific program has been set up for the PlayStation 4 and PSN, which determines which finds are eligible for a reward.

The program lists a specific number of domains that fall within its scope. In terms of hardware, it only concerns the PlayStation 4 and specifically the most recent firmware or beta firmware. Sony does keep the door open to pay out rewards for finding vulnerabilities in older firmware versions, but that will be assessed on a case-by-case basis. Sony will not reward you for finding vulnerabilities in older PlayStation consoles or handhelds.

A critical vulnerability in the PlayStation 4 will earn the finder up to $50,000. Vulnerabilities rated as high, medium, or low risk are worth $10,000, $2,500, and $500, respectively. Sony has $3,000 to spare for reports of critical vulnerabilities in the PlayStation Network. Vulnerabilities with the risks classified as high, medium, or low account for $1,000, $400, and $100.

Sony says it previously had a PlayStation bug bounty program, but that was a closed project where Sony had direct contact with a number of security researchers. Now that the program is on HackerOne, anyone can participate.

Microsoft started an Xbox bug bounty program on HackerOne this year. A maximum of 20,000 dollars can be earned for finding a vulnerability. Nintendo is offering the same amount for critical vulnerabilities in its Switch and 3DS hardware.