Rockstar, the studio behind games such as Red Dead Redemption and Grand Theft Auto, has published an advertisement on HackerOne, a platform for spotting bugs, offering rewards to those who can find bugs or vulnerabilities in their domains.
"We are dedicated to the privacy and security of our users, and the environment we create for them," the studio's statement reads. "We believe that having a talented group of independent security researchers is paramount to achieving that goal. We are running this HackerOne bounty program to reward researchers for identifying potential vulnerabilities . Please review the following guidelines detailing the rules of this bug bounty program. Only research following these guidelines will be eligible for a bounty."
The minimum reward will be $150 USD, but if they're more severe or complex the bounties could be higher. The domains they want tested are as follows:
www.rockstargames.com
socialclub.rockstargames.com
lifeinvader.com
rockstarnorth.com
prod.ros.rockstargames.com
prod.conductor.ros.rockstargames.com
prod.telemetry.ros.rockstargames.com
prod.cloud.rockstargames.com
prod.hosted.cloud.rockstargames.com
media.rockstargames.com
patches.rockstargames.com
"We encourage you to hunt for bugs in support.rockstargames.com, which is run on top of the Zendesk platform. Zendesk also participates in the HackerOne bounty program; see this page for details and to report Zendesk vulnerabilities: Zendesk Bug Bounty."
For those of you hoping to submit game bugs, you're out of luck. "Please note that game bugs, glitches or exploits are not part of the bug bounty program, but can still be submitted on our support site at: https://support.rockstargames.com/hc/en-us/requests/new."
The full post explains what does and doesn't constitute a valid submission, so if you've got a keen eye for bugs, then it may be worth scrutinising their domains. Is this an effective way to maintain security?