Valve Is Paying Hackers Thousands to Test Security

Valve is offering up huge rewards for hackers who can successfully point out flaws in the company’s security measures in place for Steam and other Valve-owned properties.

Over on the HackerOne board, Valve has all of the payouts listed for tech-savvy people who can successfully come forward with reports of vulnerabilities in Valve’s various features. The post shared the company’s security philosophy, part of which is seen below, before diving into how much they’ll be paying hackers who take up the bounties.

“Valve recognizes how important it is to help protect privacy and security. We understand that secure products and services are critical in establishing and maintaining trust with our users. We strive to consistently deliver secure and enjoyable experiences in all of our products and services.

“Security includes everyone. Our Steam users, our developers, third party software developers and the security community. Working together we can all make Steam and the Internet safer.”


The amounts that Valve is willing to dish out for the various bounties differ depending on what score the problems are given under the Common Vulnerability Scoring System (CVSS). Less serious problems can earn hackers up to $200 while the problems that rank in the “Critical” tier with a CVSS score of 9-10 will earn a minimum of $1,500. The ranks between those have various minimums and maximums as well that could lead up to thousands more in bounties paid. Many of the bounties that are currently listed in the post are categorized in the higher-tiered “Critical” level as well, so there’s a good chance to earn big if you know what you’re doing, especially since Valve has already paid out thousands in the past.

According to Valve’s rules for the bounty incentives and the guidelines for the project, Valve is also only looking for hackers to target certain areas, with out-of-scope software and features ineligible for rewards. As part of those guidelines, the full scope of the company’s properties that are up for being hacked can be seen below:

com, steamcommunity.com, steamgames.com, valvesoftware.com, counter-strike.net, dota2.com, teamfortress.com and sub-domains, excluding domains explicitly removed in the scope section below
Steam Client for Windows, Mac and Linux
Steam command line utility (SteamCMD)
SteamOS
Steamworks SDK
Steam mobile app on iOS and Android
Steam Servers
Valve game titles
Multiplayer and in-game economy aspects of Valve game titles and dedicated game servers



Source: http://comicbook.com/gaming/2018/05/12/valve-paying-hackers-to-test-security/

Comments

TOXIC Posted:

Pretty good idea lol, easy way for the hackers to make some easy cash lmao.

MushroomElm Posted:

Dismiss
SR20DET Aren't these called ethical hackers? Can't remember if that's the correct name, but yeah. This is quite common for companies to do.


Yeah. Also white hats I think? It's good companies do this. Just standard people have a different way of doing things so they might have different methods compared to companies that do it for a living.


I watched a show where companies would do this. But they would go full on trying to infiltrate. From literally walking in the front door of various branches and saying 'I was called to install new firmware' to see if they would actually check to sneaking around at night and testing their doors and trying to break in. If they could get in, they would try to install a simple virus that wouldn't actually do anything but would just confirm they could be infiltrated. Then they'd report it to the company, who would then be able to fix the issues.

It's very smart, honestly. I've heard of casinos doing the same thing. They would find people who tricked slot machines, either press no charges if they said how to fix it or even offer them money. I think one place offered my dad 500 bucks for a small machine, which jack potted around 300, lol.

If you want to work with computers, this is a good job. And high in demand. Cyber Security. With almost everything running on programming these days, there will almost always be a job somewhere if you are willing to move for it. Even houses can run off the internet now..

Mike Posted:

This is a smart way to give hackers something to do.

AD4M Posted:

Awesome, shame the Steam program is utter shite

Dismiss Posted:

SR20DET Aren't these called ethical hackers? Can't remember if that's the correct name, but yeah. This is quite common for companies to do.


Yeah. Also white hats I think? It's good companies do this. Just standard people have a different way of doing things so they might have different methods compared to companies that do it for a living.

Silky Posted:

With big companies such as this pen testing is normally a given to check security however it's good they're getting round to it now.

SR20DET Posted:

Aren't these called ethical hackers? Can't remember if that's the correct name, but yeah. This is quite common for companies to do.

Gary Posted:

This isn't really a surprise many big eCommerce platforms such as Amazon do the same.