Microsoft Announces Xbox Live Bug Bounty With Payouts As High As $20,000

Microsoft introduced the Xbox Bounty Program last Thursday to invite "gamers, security researchers, and others around the world to help identify security vulnerabilities in the Xbox Live network and services and share them with the Xbox team."

The company will pay between $500 and $20,000 via the program based on the severity of a reported vulnerability. Microsoft didn't provide an example of an issue worth $500, but the most valuable bounties are given for high quality reports on critical vulnerabilities that enable remote code execution attacks.

Microsoft said bug reporters aren't required to own an Xbox console or subscribe to Xbox Live. (Although it noted that access to either category of product "may be useful.") It won't provide researchers with hardware or Xbox Live memberships, either, so anyone who wants access to them has to pay up.

More information about the program--including Microsoft's definition of a high quality report, how the company expects researchers to test their findings and more--can be found on the company's website. Certain terms and conditions apply.

This kind of bug bounty expansion has been a bit of a thing in recent months. Google recently announced that it paid out $6.5 million via its bug bounty programs in 2019, for example, in part because it expanded them to additional products. Apple also recently introduced its first public bug bounty program.