Sony Launches PlayStation Bug Bounty Program on HackerOne

Sony this week announced the launch of a public PlayStation bug bounty program in partnership with hacker-sourced vulnerability hunting platform HackerOne.

Previously, the company ran a private bug bounty program with some researchers only, but it says it has come to realize that the research community plays an important role in improving security, and that the newly launched program builds on that realization.

“We believe that through working with the security research community we can deliver a safer place to play. We have partnered with HackerOne to help run this program, and we are inviting the security research community, gamers, and anyone else to test the security of PlayStation 4 and PlayStation Network,” the company says.

HackerOne community members interested in participating could earn more than $50,000 for critical-severity vulnerabilities in PlayStation 4. The minimum amount paid for critical flaws in PlayStation Network is $3,000.

“PlayStation will determine, in its sole discretion, whether a bounty will be awarded. Reward amounts will differ based on vulnerability severity, as well as the quality of the report. Sony will only award a bounty to the first researcher to have reported a previously unreported vulnerability,” HackerOne explains.

Domains in scope of the program include *, *, *,,,,, and

Current released or beta versions of system software are in scope of the program for the PlayStation 4 system, accessories and operating system. However, submissions for previous system software might be accepted on a case-by-case basis.

PlayStation 1, PlayStation 2, PlayStation 3, PS Vita and PSP or any other hardware, other domains than those mentioned above, corporate IT infrastructure, open source software vulnerabilities public for less than 7 days, and third-party games and applications are not in the scope of the program.

Researchers are required to promptly report the identified vulnerabilities, to provide sufficient details to verify the validity of reports, and allow sufficient time for the reported security flaws to be addressed before disclosing them publicly.

Furthermore, researchers are prohibited from viewing, using, altering, transferring, or accessing any data within the PlayStation environment, as well as from intentionally disrupting the company’s “networks, systems, information, applications, products, or services.”

“Violation of these requirements may result in permanent disqualification from the program, and Sony reserves the right to withhold a bounty from researchers who violate or have violated these requirements in the past,” Sony says.

On the program’s page on HackerOne, Sony also provides details on vulnerabilities that are out-of-scope, as well as on what researchers who participate should expect from the company. The company says it won’t take legal action or file complaints against researchers for accidental, good faith violations of the program’s policy.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
