Valve has gotten on the exploit-hunting fashion according to current public releases of documentation out of HackerOne, a neighborhood of white-hat hackers that participate in vulnerability coordination and bug bounty. According to the statistics on Valve’s HackerOne webpage, $109,600 have been paid in bounty rewards to people that have the ability to discover and document loopholes, vulnerabilities and bugs in Steam providers and Valve titles.
Of that $109,600, the normal bond ranges from $350 – $500 with top bounties attaining the $950 – $3,000 range. The scope of the project is recorded as:
Internet, dota2.com, teamfortress.com along with sub-domains, excluding domains specifically eliminated in the scope section under
If any of this sounds confusing or about to you, don’t worry. Lots of companies enlist the services of hackers to assist them find vulnerabilities in their own systems; the perfect way to fight fire is with fire, after all. Google continues to be paying rewards since 2010, totaling $12 million because the software’s inception and $2.9 million final year alone. Seeing Valve utilizing ethical hackers to assist them improve their security is truly pretty good news.
Basically, domains inside the scope of the project are assigned a priority value, and hackers may research vulnerabilities or potential breach paths, receiving rewards based from the priority value of their domain and the severity of the exposure.
Should you just happen to be an individual with penetration testing experience who needs some additional cash, you can head around to Valve’s HackerOne webpage to have a look at the rewards. You can also take a look at current reports and activity as they happen here on Valve’s cookie action page.