- Riot Games rolls out bug bounty program on HackerOne
- Bounties only payable when following the rules, minimum reward $250
- Gaming industry giants taking place in the bug bounty program
Riot Games entered the bug bounty program on HackerOne, rewarding users for reporting bugs and flaws in Valorant’s new anti-cheat system – Vanguard.
Bounty for Finding Vulnerabilities in Vanguard – Riot Games’ New Anti-Cheat
Vanguard is the anti-cheat system used by Riot Games’ new shooter – Valorant. Yesterday the company posted one of the biggest bounties in the gaming industry – up to $100,000 for pointing out weak spots in the new anti-cheat system.
🔻 Learn more about Vanguard Security and Privacy !
"We’ve been running a Bug Bounty program on HackerOne for the past 6 years. We’ve rewarded security researchers with almost two million dollars in bounties…"https://t.co/i7iYeNMgMA
— VALORANT Esport 🏆 (@VALORANT_PRO) April 18, 2020
The bounty is held on HackerOne, where daredevils can submit security breaches, if they can find them first. The different categories include:
- game exploits
- bugs not related to Riot Games software
- web security problems & more
With the minimum reward starting at $250, Riot Games introduced tiers depending on the complexity. In the lowest tier “Unauthorized access to sensitive data“, maximum bounty goes up to $25,000, while in the highest tier “Code execution on the kernel level” the maximum bounty can jump up to $100,000. Of course, no bounty can be collected without following certain rules:
- The breach must be tasted on the latest Vanguard version
- Working proof must be provided to Riot Games for further examination
- The exploit must be genuine
- Details on exploit cannot be disclosed without approval by Riot Games
“Rewards are granted entirely at the discretion of Riot. Publicly disclosing your bug without coordinating with us may lead to being ineligible for a bounty” – adds Riot in terms of the announced rewards.
Riot’s Statement on the Bug Bounty Entry
Riot Games’ announcement came after a weeklong debate about the activity of the new anti-cheat system Vanguard that is necessary in order to play the company’s new shooter – Valorant. With Riot giving away access to the game on Twitch, many users reported online that the anti-cheat is always on, even when the player is not in game. Some users even pointed out that Vanguard will start with PC boot and increased privileges. In an official statement, regarding the ongoing discussion, Riot’s security team noted:
“We want players to continue to play our games with peace of mind, and we’re putting our money where our mouth is“.
Considering that Riot’s newest shooter – Valorant is still a closed beta, users can probably expect further updates in Vanguard and the game itself.
Riot Games’ bug bounty entry on HackerOne is not only due to the recent release of the game. The company participated with their iconic League of Legends back in 2014. Other developers such as Rockstar Games are also on HackerOne BBP (Bug Bounty Program).
Rockstar’s minimum bounty starts at $150 and the reports accepted are for Grand Theft Auto V, Grand Theft Auto Online, Red Dead Redemption 2 and Red Dead Online for PS4, PC and Xbox One.
The gaming and entertainment colossus Valve is also taking part of BBP on HackerOne since 2017. With minimum bounty of $100 and average of $750, to this date, Valve has paid the mind blowing amount of $937,750 for bounties.
Thumbnail image credit: Valorant