After running it quietly for some time, taking reports from the "security research community" to harden its products against known exploits, Sony has officially opened the PlayStation Bug Bounty Program to the public.
Sony is running the program with HackerOne, the self-proclaimed “industry standard for hacker-powered security.”
The Hunt for Exploits
The move adds Sony to the list of manufacturers that use a bounty program to reduce their products' exposure to exploitation. For Sony, the scope covers not just the PlayStation 4 but also the PlayStation Network (PSN).
Bounties range from $100 to $50,000, depending on the severity of the vulnerability reported. Low-severity issues land at the bottom of the range, while critical ones pay in the thousands.
Notable Figures Joined the Program
Those who follow the hacking scene will be surprised to find two familiar names among the program's recipients: Oct0xor, who was paid a total of $75,000 for six reports, and TheFlow, who was paid $10,000 for a single one.
Sony finally opens their @PlayStation bug bounty program to the public! https://t.co/UcQ7iLZwiq
— Boris Larin (@oct0xor) June 24, 2020
TheFlow has long been part of the scene, even before his alias became widely known, but he is best known for a lightweight custom firmware and a handful of useful plugins for the PS Vita.
Oct0xor may not have had as great an impact as TheFlow, but he remains one of the significant figures in the scene. For someone who describes himself as having hacked "PlayStation" and who hunts zero-day exploits at Kaspersky GReAT, he clearly has the skills.
Over several months, Sony addressed 88 vulnerabilities and paid a total of $170,000 in bounties.
The Program’s Aftereffect
The news may feel like a betrayal to those who expected more from the leaders of the hacking scene. On the other hand, it is hardly surprising that such talent would take the money.
The work these hackers do is often thankless, and it pays next to nothing compared with what a company like Sony is willing to pay to safeguard its products.
A bounty program that sources fixes directly from the hackers themselves clearly benefits Sony. On the other side, the hacking community is becoming mired in distrust, which could divide its active members and erode camaraderie.
Image used courtesy of HackerOne