If you are good at identifying bugs and security threats in programs, here is a challenge for you. Microsoft is willing to pay a bounty of $20,000 to security researchers who can identify flaws in Xbox Live Networks and services. Most importantly, these flaws should be reproduced in the latest and fully patched version. If you can prove that the flaw you identified can be replicated on the latest version of the Xbox Live platform, you can rest assured that you’ll take home a cool $20,000 Xbox Live bounty.
Microsoft’s Xbox Live bounty is not easy to win
However, the bounties will only be paid at Microsoft’s own discretion. The vulnerability you discover needs to be severe enough, and the submission you make must impress Microsoft’s team. There are also some important terms and conditions that you will need to comply with. The bounty amount depends on how critical a flaw really is. It can range from as low as $500 to as high as $20,000.
To make sure you win the bounty, here is what you need to do:
- Ensure that you have the skills to identify critical flaws and security threats in Xbox Live.
- Identify flaws that are critical and make sure that you comply with the terms and conditions
- Write a high-quality report which allows Microsoft’s engineers to quickly address the issue in hand
- You can provide information in the form of a video, a write-up, or a description of the bug. Ideally, your submission should include all these features.
- Make sure to include a proof of concept as well
Microsoft will not compensate for your time or attempts
While Xbox Live bounty seems like an easy way of making money if you know how to identify bugs, it is not so straight forward. You will probably need to spend hours decoding various programs and testing vulnerabilities before you hit the jackpot. In addition, Microsoft will not provide you with a free console or an Xbox Live subscription just for attempting to discover risks. Make sure that you have enough spare time to invest in something that may not fetch you reward ultimately.