Business

Valve Starts New Reward Scheme Which Pays Hackers to Identify Exploits and Vulnerabilities

by Ross Deason

Share


Valve have rolled out a new bounty scheme which will reward people that find and report any security exploits in their various services and networks with cash.

Sometimes referred to as “bug bounties”, security schemes that reward “ethical hackers” with cash have proven to be successful for numerous big companies in recent years.

When we say big, we mean big, Everyone from Google to Apple has started to run similar programs which attempt to stop hackers from leaking information elsewhere by offering a cash incentive if the hacker follows their guidelines and only reports exploits to them.

Believe it or not these bug bounties have proven to be extremely successful and now Valve have decided to throw their hat into the ring with a number of different rewards available depending on the severity of the exploit.

Valve are using HackerOne for the new bount scheme and say “We are running this HackerOne bounty program to reward researchers for identifying potential vulnerabilities.”

The various rewards for exploits range from $200 to $3,000 and can come from any of the domains or services listed in the scope below.

Scope

The current scope is limited to the domains and pieces of software listed here:

  • steampowered.com, steamcommunity.com, steamgames.com, valvesoftware.com, counter-strike.net, dota2.com, teamfortress.com and sub-domains, excluding domains explicitly removed in the scope section below
  • Steam Client for Windows, Mac and Linux
  • Steam command line utility (SteamCMD)
  • SteamOS
  • Steamworks SDK
  • Steam mobile app on iOS and Android
  • Steam Servers
  • Valve game titles
  • Multiplayer and in-game economy aspects of Valve game titles and dedicated game servers

Please note that game bugs, glitches or gameplay exploits are not part of the bug bounty program, but can still be submitted on our Support site.

No authorization is given to test any other web applications, game titles or mobile applications. No bounties will be given for any disclosures relating to any applications outside the scope of this program.

It will be interesting to keep an eye on the HackerOne page and see just how many exploits are found and fixed in the coming months.

According to the website, over $100,000 has already been paid out and 39 hackers have already been “thanked” (which presumably means they identified an exploit).

The payout table can be found below.

HackerOne
HackerOne