Valve has gotten on the exploit-hunting fad based on recent public releases of documentation from HackerOne, a network of white-hat hackers who engage in vulnerability manipulation and insect bounty. According to the statistics on Valve’s HackerOne page, $109,600 are paid in bounty benefits to individuals that are able to discover and document loopholes, including vulnerabilities and bugs from Steam services and Valve names.
Of $109,600, the normal bounty ranges from $350 – $500 with high bounties attaining the $950 – $3,000 range. The scope of the job is recorded as:
Internet, dota2.com, teamfortress.com and sub-domains, excluding domains specifically removed in the scope section under
If some of this seems confusing or concerning for you, don’t worry. Lots of companies enlist the assistance of hackers to help them locate vulnerabilities in their own systems; the very ideal method to fight fire is with fire, after all. Google has been paying out rewards since 2010, totaling $12 million since the program’s inception and $2.9 million last year alone. Seeing Valve utilizing ethical hackers to help them improve their safety is truly pretty good news.
Essentially, domains within the scope of the job are assigned a priority value, and hackers may explore vulnerabilities or potential breach paths, receiving wages based from their priority value of the domain and also the intensity of the vulnerability.
Should you happen to be an individual with penetration testing experience who wants some excess money, you can go on over to Valve’s HackerOne webpage to check out the rewards. It is also possible to have a look at recent activity and reports as they occur here on Valve’s hacker activity page.