The news here isn’t that Sony is finally giving PS4 bugs some attention because it has had a bug bounty program for quite some time but it wasn’t open to the public. Sony has launched a PlayStation 4 bug bounty programme which could see participants being paid $50,000 for finding critical bugs on its PlayStation 4 console, which is roughly equivalent to R870,000 and ZWL$5Million or more (please note, not trying to be sarcastic, but next time won’t be using the ZWL Zimbabwean dollar valuation, will rather stick to Rands valuation otherwise the figures will tumble your heads before you could even finish reading the figures due to the high inflation there).
With the launch of the PlayStation 5 (PS5) just around the corner, Sony is still giving its current PS4 console some much-needed attention by opening up its bug-hunting program to the public at large, that in a blog post on Thursday, Sony Interactive Entertainment Senior Director of Software Engineering Geoff Norton said the company has partnered with bug bounty platform HackerOne for the program.
He invited the security research community, gamers, and any other interested parties to test the security of the console and the PlayStation Network. “We believe that through working with the security research community we can deliver a safer place to play,” Sony stated.
For PlayStation 4 reports, rewards will range from $500 (R8,707) for low-priority issues to $50,000 (R872,035) or more for critical problems, based on the severity of the identified vulnerability and the quality of the report. For the PlayStation Network, rewards start at $100 (R1,740) and peak at $3,000 (R52,250).
“PlayStation will determine, in its sole discretion, whether a bounty will be awarded,” HackerOne stated. It added that Sony will only award a bounty to the first researcher to have reported a previously-unreported vulnerability.
Scope
The program’s scope covers reports on the PlayStation 4 system, operating system, accessories, and the PlayStation Network (PSN). For PlayStation Network, the following domains apply:
- *.playstation.net
- *.sonyentertainmentnetwork.com
- *.api.playstation.com
- my.playstation.com
- store.playstation.com
- social.playstation.com
- transact.playstation.com
- wallets.api.playstation.com
The program will accept submissions on the current released or beta version of system software but added PlayStation may at its discretion accept submissions on earlier versions of system software on a case-by-case basis.
No rewards will be paid for bugs on previous consoles, domains, Sony’s corporate IT infrastructure, open-source software vulnerabilities which have been public for less than seven days or software published by third parties.
Sony encouraged participants to disclose bugs responsibly, by reporting issues promptly, with sufficient detail to determine the validity of the vulnerability, and without coercion, dishonesty, or fraudulent intent.
How and Where to Make a Report
Interested parties can submit their reports on the HackerOne PlayStation 4 Bug Bounty Program page.
The table below outlines the estimated rewards for each level of vulnerability on the PlayStation 4 and PlayStation Network.
| Critical | High | Medium | Low | |
|---|---|---|---|---|
| PSN | $3,000 | $1,000 | $400 | $100 |
| PlayStation 4 | $50,000 | $10,000 | $2,500 | $500 |
