BY AMIT BARAN ROY | Publisher of as popular games as Grand Theft Auto, Max Payne, Red Dead Redemption, L.A. Noire, Bully and more, ‘Rockstar Games’, is now running a HackerOne bounty program where they are rewarding hackers/researchers with a minimum of $150 bounty for finding out bugs or any potential vulnerabilities in their list of domains and online services. Anyone can be a part of this bounty program and will be eligible for higher bounties depending on the severity and complexity of the bugs.

This bounty program was posted on HackerOne platform, where you can find the complete scope, guidelines, eligibility and exclusions. Till now, over $90,000 bounty was paid out based on 155 reports with an average of $500 bounty per report. The primary eligibility criteria requires you to be the first reporter of the bug and you should not have publicly disclosed the vulnerability to anyone else before submitting. The scope of the bounty program is only limited to the below mentioned domains and it does not extend to any bugs in video games, web or mobile applications (but you can still submit them without any reward at their support site).

Domains



www.rockstargames.com

socialclub.rockstargames.com

lifeinvader.com

rockstarnorth.com

prod.ros.rockstargames.com

prod.conductor.ros.rockstargames.com

prod.telemetry.ros.rockstargames.com

prod.cloud.rockstargames.com

prod.hosted.cloud.rockstargames.com

media.rockstargames.com

patches.rockstargames.com

There is also a long list of exclusions that will invalidate any submitted vulnerabilities. Few of them includes mere DDoS attacks, bugs in 3rd party authentication, clickjacking, session timeouts, gamertag enumeration etc. Rockstar haven’t yet specified any end date to this ad. So, we will recommend that it’s the best time to test your technical skills to grab that bounty while it still lasts.