Riot Increases Bug Bounties

A post from Riot Games discusses security in their games, noting they have paid out over $2 million through their bounty program to those who have identified exploits in the past. Saying they are once again putting their money where their mouth is (mouths are?), they announce a reward of up to $100,000 for those reporting security vulnerabilities in their Vanguard security program. These can include web security problems, certain game exploits, and other security concerns. Here's word:
As part of our commitment to player security and privacy, we’ve been running a Bug Bounty program on HackerOne for the past 6 years. We’ve rewarded security researchers with almost two million dollars in bounties and our scope includes everything that players interact with. Today we’re announcing that we’re creating a special scope for Vanguard vulnerabilities with even higher bounties. We want players to continue to play our games with peace of mind, and we’re putting our money where our mouth is. If you think you’ve found a flaw in Vanguard that would undermine the security and privacy of players, please submit a report right away and you may be eligible for a big bounty payout. Visit our HackerOne page for more details.

We’d never let Riot ship something we couldn’t stand behind from a player-trust perspective (not that we think Riot would ever try). Players have every right to question and challenge us, but let’s be clear—we wouldn’t work here if we didn’t deeply care about player trust and privacy and believe that Riot feels the same way. We’re players just like you, and we wouldn’t install programs on our computer that we didn’t have the utmost confidence in.
4 Replies. 1 pages. Viewing page 1.
4.
 
Re: Riot Increases Bug Bounties
Apr 19, 2020, 15:00
Rigs
 
 
MoreLuckThanSkill wrote on Apr 19, 2020, 13:53:
Mac wrote on Apr 19, 2020, 04:47:
Why would anyone voluntarily let a game put a kernel program that is running even when the game isn't on their PC?

I have heard of Vanguard, but until you guys mentioned this, I didn't know that their anti-cheat program runs at ring 0.

Reading up on it, apparently BattlEye, used by Fortnite, Ark:Survival, Arma, DayZ, Insurgency, PUBG, Ghost Recon: Breakpoint, etc etc. is also a Ring 0 level program.

BattlEye states pretty publicly that they are ring 0, I wonder what other anti-cheat programs are and don't mention it?

Sad state of affairs. I guess I'll be sticking with single player only games as much as possible.


Well, see that's the thing, BattlEye is transparent about it at least. This Vanguard bullshit is anything but. And don't even get me started on the whole China angle. (Riot is wholly owned by Tencent) Everyone has the right to put whatever they want on their machine. Hell, if they want to run ransomware on it for shits and giggles, knock yourself out. (I've done it on a VM several times just to learn how the OS reacts and what behavior to watch out for) The problem is, as usual for cases like these, transparency. They could have saved themselves a whole lot of pain by just making it a bullet point in the features or something. Then no one could say they were trying to do something nefarious. But they didn't. And here we are.

=-Rigs-=
'Sorry, we thought you were dead.'
'I was. I'm better now.'
3.
 
Re: Riot Increases Bug Bounties
Apr 19, 2020, 13:53
 
Mac wrote on Apr 19, 2020, 04:47:
Why would anyone voluntarily let a game put a kernel program that is running even when the game isn't on their PC?

I have heard of Vanguard, but until you guys mentioned this, I didn't know that their anti-cheat program runs at ring 0.

Reading up on it, apparently BattlEye, used by Fortnite, Ark:Survival, Arma, DayZ, Insurgency, PUBG, Ghost Recon: Breakpoint, etc etc. is also a Ring 0 level program.

BattlEye states pretty publicly that they are ring 0, I wonder what other anti-cheat programs are and don't mention it?

Sad state of affairs. I guess I'll be sticking with single player only games as much as possible.

2.
 
Re: Riot Increases Bug Bounties
Apr 19, 2020, 12:39
 
I'd venture that 90%+ of people using computers don't know what Ring 0 or Kernels are, and another large section does, but doesn't care because they want to play the game.

At that point, they've already got such a huge chunk of the potential market that the few people who know, and also care, don't matter. It's not even a big loss for them.

1.
 
Re: Riot Increases Bug Bounties
Apr 19, 2020, 04:47
Mac
 
Why would anyone voluntarily let a game put a kernel program that is running even when the game isn't on their PC?