By Eduard Kovacs on November 24, 2014
Riot Games, the developer of the popular multiplayer online game League of Legends, has shared some details on its bug bounty program.
The program, powered by the HackerOne platform, was launched in April 2013, but it has been open only to a few security researchers who have helped the company address a total of 75 bugs, exploits and vulnerabilities. So far, Riot Games has rewarded participants with a total of more than $100,000.
The list of vulnerabilities reported until now includes client crash exploits, vision related exploits, and flaws that could potentially be leveraged to impersonate players on forums, the company said.
The bug bounty program covers all Riot services accessible from the Internet and any software developed by the company. The list of eligible issues includes Web vulnerabilities such as cross-site scripting (XSS) and SQL injection, game exploits, and other flaws related to infrastructure security, information disclosure and memory corruption.
Researchers who report vulnerabilities are rewarded based on the severity of the bug. The minimum bounty has been set by the company at $100.
full article
Be the first to reply!
Reply
Login to the community
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.