Sony will now pay $50,000-plus bounties for critical PS4 vulnerabilities

25 Jun 2020


Sony has launched a bug bounty programme that will pay more than $50,000 to anyone who can find critical vulnerabilities in the PS4.

Eager to make sure the PS4 and PlayStation Network are secure before the launch of the PS5 later this year, Sony has announced a public bug bounty programme. In a blog post, Sony Interactive Entertainment’s senior director for software engineering, Geoff Norton, said it was partnering with the group HackerOne to run the programme.

The lowest bounty available is $100 for a low-severity vulnerability in the wider PlayStation Network, but bounties can reach more than $3,000 for critical vulnerabilities in the network.

However, the largest potential sums of money come with bugs found in the PS4 console. While bounties start at $500 for low-severity vulnerabilities, Sony said it will pay out more than $50,000 to anyone who can spot critical vulnerabilities in the PS4.

HackerOne – a group that hosts bug bounty programmes for various companies – said the reward amount will depend on the severity of the flaw as well as the quality of the report. It also stated that bounties will not be paid for bugs discovered in Sony’s older hardware, including the PSP and PS Vita.

Last of the big three

Until now, PlayStation’s bug bounty programme has been held privately among researchers, and PlayStation is the last of the big names in gaming consoles to launch a public effort. So far, the programme has paid out just under $174,000 in bounties, with the average payout being $400 and the top so far being $40,000.

Last January, Xbox announced it was offering rewards of between $500 and $20,000 for anyone who can find critical flaws in its Xbox Live network or services. The $20,000 bounty would be issued if someone could find a critical vulnerability that could lead to remote code execution.

Nintendo offered a bug bounty programme back in 2016, also run by HackerOne. Nintendo said it would offer $20,000 to anyone who could find a critical vulnerability in its 3DS devices.

Colm Gorey was a senior journalist with Silicon Republic
