Riot Games announces a Bug Bounty Program for VALORANT’s anti-cheat Vanguard with rewards between $25,000 and $100,000





Riot senior staff members reassure users that Vanguard does not collect of send any information about users’ computers back to Riot Games





Vanguard can be uninstalled at any time however VALORANT will not run without the kernel level driver (vgk.sys) that comes with it.

The discovery of a kernel level driver (vgk.sys) used by VALORANT’s anti-cheat system Vanguard, has been at the centre of conversation (and concern) across the community since 14th April. One prominent YouTuber even went on to liken Vanguard to a rootkit! Today, Riot Games has published a statement addressing these concerns while essentially putting its money where its mouth is.

For the past six years, Riot Games has been running a Bug Bounty Program on HackerOne (a platform for hacker powered security that leverages the global hacker community to help companies identify and resolve potential vulnerabilities), through which it claims to have paid out nearly USD 2 Mn. Now, a special scope has been created for Vanguard vulnerabilities with even higher bounties. Users and security researchers that believe they might have found a flaw in VALORANT’s anti-cheat system can submit a report by sending an email to [email protected] The rewards range from $25,000 all the way up to $100,000 depending on the severity of the vulnerabilities.

Source: https://hackerone.com/riot





(See Also: VALORANT’s Anti-Cheat System Could Be A Major Security And Privacy Risk For Your Computer)





The primary spokesperson for Riot Games through all of this has been Paul “Riot Arkem” Chamberlain, Programmer and Anti-Cheat Lead for VALORANT. The latest statement comes from a variety of Riot staff members including Chris Hymes (Data Protection Officer and Chief Information Security Officer), Mark Hillick (Director of Security), Clint Sereday (Anti-Cheat Product Lead), Daniel Hu (Data Privacy Product Lead) and Warren Kenny (Application Security Product Lead).

In addition to announcing the Bug Bounty Program, the statement also elaborates on the Riot Vanguard philosophy and its architecture. More importantly, it reiterates Riot Arkem’s previous message that the kernel level driver does not collect or send any information about users’ computers back to Riot Games and that the driver can be uninstalled at any time by removing “Riot Vanguard” from the add/remove programs menu. However VALORANT will not run without this driver.



