Microsoft yesterday introduced the new Xbox Bounty Program. As part of this program, gamers, security researchers, and others can identify security vulnerabilities in the Xbox Live network and services and get bounty from the Xbox team. Depending on the severity and impact of the vulnerability and the quality of the submission, you can earn up to $20,000 USD.
The following are examples of vulnerabilities that may lead to one or more of the above security impacts:
- Cross site scripting (XSS)
- Cross site request forgery (CSRF)
- Insecure direct object references
- Insecure deserialization
- Injection vulnerabilities
- Server-side code execution
- Significant security misconfiguration (when not caused by user)
- Using a component with known vulnerabilities (when demonstrated with a working proof of concept)
You can learn more about this program from the source link below.