Microsoft recently released a bug bounty program for the Xbox live network and services. And it is paying the bug hunters up to $20,000. Like any other bug bounty program the payout depends on the security vulnerability’s severity which starts at $500.
The security holes that leave the Xbox Live network vulnerable to spoofing attacks can earn researchers up to $5,000 for instance. While the Remote code execution exploits pay the most, from $10,000 to $20,000, so as long as they are previously unreported vulnerabilities found in the latest version of Xbox Live,
But, those who want to send in a submission will have to include reproducible steps to be allowed to claim a reward. While the program covers quite a few different types of vulnerabilities some of the things are out of scope, such as DDoS issues and URL Redirects.
The Xbox Live Program is one of the bug bounty programs that Microsoft is running for their products and services. Some of which have a reward cap of $15,000, but the biggest program overall promises are up to $300,000 for the most severe vulnerabilities found in their Azure cloud computing services.