Sony has announced a new partnership with HackerOne to help research, discover, and patch out vulnerabilities affecting the PlayStation 4 and PlayStation Network. In this partnership, Sony will be hosting the PlayStation Bug Bounty program, offering cash payouts for vulnerabilities of all natures.
The PlayStation Bug Bounty program, as of the writing of this article, has already received 88 bug reports and offered a payout of $173,900 across the various bounties with the average bounty paying out $400. Not every vulnerability is eligible for payouts from Sony and HackerOne but Sony does have a system in place to allow security researchers to safely report vulnerabilities via good faith activities.
If you find a vulnerability on a Sony asset that is not covered by the PlayStation program, please report it through Sony’s public Vulnerability Disclosure Program.
The scope of the PlayStation Bug Bounty program rests on two main pillars of the PlayStation ecosystem: the PlayStation 4 system itself, including the OS and accessories, and the PlayStation Network. Sony isn't currently offering paid bounties for any other legacy hardware such as the PlayStation 3 or PlayStation Vita, nor is it seeking out vulnerabilities for third party software and applications. Below is the currently announced scope for the PlayStation Bug Bounty program.
Sony isn't issuing an embargo on reports made in good faith and is offering researchers the opportunity to disclose their findings after "reasonable time" for Sony
Give us reasonable time to remediate vulnerabilities before talking about them publicly and notify us of your disclosure plans in advance. If you would like to disclose a resolved vulnerability, make the request directly in your report. We look forward to disclosing issues that positively contribute to the security community.
Sony has been running the PlayStation Bug Bounty program through HackerOne for nearly six months now but this is the first time that Sony has opened the program to the security research community at large. If you possess a skill set as an ethical white hat hacker and want to put a little bit of extra cash in your pocket, Sony is offering large sums of money including bounties starting at $50,000 for critical vulnerabilities affecting the PlayStation 4.
