Everything you need to know about the PlayStation Bug Bounty Program
Can you really make $50,000 for finding a single bug?
Theo Yurevitch 
Image via Sony
Are you a white hat hacker looking for work? Or has your PlayStation 4 just happened crash? Sony Interactive Entertainment will now pay anyone for finding bugs with both the PlayStation 4 and the PlayStation Network. Partnering with the popular bug bounty platform HackerOne, PlayStation has leaned heavily into the concept, putting $50,000 up for grabs. But there’s a bit more to it than that. Here’s everything we know about the Bug Bounty Program.
What to report
PlayStation is looking for users to report vulnerabilities only about the PlayStation 4 and the PlayStation Network, meaning no older systems or other Sony products are included in this program. This means if you happen to come across a bug through normal use, or intentionally if you are testing for vulnerabilities, you can submit a report for a reward. Any vulnerabilities related to the PlayStation 4 system, operating system, or accessories can be reported.
The following PlayStation Network domains are all also included in the program:
- *.playstation.net
- *.sonyentertainmentnetwork.com
- *.api.playstation.com
- my.playstation.com
- store.playstation.com
- social.playstation.com
- transact.playstation.com
- wallets.api.playstation.com
Rewards for reports
PlayStation has been hammering home the potential for a $50,000 reward, but not every report will get that. Here is a breakdown of the reward tiers for different kinds of reports:
| Critical | High | Medium | Low | |
| PlayStation 4 | $50,000 | $10,000 | $2,500 | $500 |
| PlayStation Network | $3,000 | $1,000 | $400 | $100 |
It is worth noting that it is within PlayStation’s sole discretion to determine whether a reward will be awarded or not. Nevertheless, through HackerOne’s platform, they are being transparent about the program’s statistics and are definitely paying out.
About the author
