The effort comes ahead of the launch of its next-gen console, the Xbox Series X. Any fixes in the near future will affect the Xbox 360, Xbox One, and Xbox One X, but improvements to the underlying infrastructure will help all releases going forward. Find a vulnerability that has “a direct and demonstratable impact” on customer security, and you could net $20,000. Admittedly, you could also receive $500, but it all depends on the severity of the bug. As you’d expect, Remote Code Execution (RCE) flaws are Microsoft’s top priority. Any serious vulnerability in this category could seriously impact the safety of customers, with the top reward for critical bugs and up to $15,000 for bugs deemed ‘Important’. Even so, you won’t reach the top reward unless you provide the company with a high-quality report, and that doesn’t necessarily mean length. It wants clear and reproducible steps in a concise format. Low $10,000 $5,000 Low $ 3,000 $1,000 Low $1,000 Low $1,000 Low $1,000 Low $1,000 Despite the program, there are some activities Microsoft prohibits. Attackers may not perform a Denial of Service (DoS) attack under any circumstances. This includes any automated testing that produces a significant amount of traffic. You’re also not allowed to gain access to any data that isn’t your own. Instead, you should create test accounts. In general, the guidelines say you shouldn’t go beyond the steps necessary to create a proof of concept. You can find a full list of guidelines on the MRSC site.