It pays to squish bugs with the Riot Bug Bounty program


Hacking is a mystery to me. All I know is that no matter how tight an organisation thinks their security is, someone somewhere can roll their face across their keyboard (skillfully) and either gain access to confidential information, or cause havoc with the likes of a DDoS attack. Riot Games, the almighty creators of League of Legends, are not new to these hazards, having been the victim of several attacks over the past few years. They’re looking to pay people to help them stomp out any security bugs.

This incentive came about thanks to Jamieson O’Reilly, an Australian security researcher who decided to test his know-how against Riot – not for personal gain, but rather to see if any flaws or loopholes existed (via Riot Games).

“To be honest, what attracted me to test Riot was that I looked everywhere for Riot’s vulnerabilities and since there were none, it was more of a challenge to me as a security researcher to be one of the first to find something.”

There was no channel for him to officially contact Riot with his findings, which forced him to send an email to Riot’s @info inbox. It only reached somebody of importance a week later. Riot saw this and knew they had to put a better system in place.

To solve this, we’ve spent the last year testing a publicly accessible bounty program that provides an official channel for security bug reports, and a mechanism to reward researchers who responsibly share important security issues we haven’t identified.

Currently in closed beta, The Riot Bug Bounty program is only available to a few security professionals who we’ve already identified. These professionals have helped us squish more than 75 bugs, vulnerabilities, and exploits, including client crash exploits, vision related exploits, and vulnerabilities that could potentially lead to player impersonation on forums.

It’s a win-win for both Riot and the community. Riot get invaluable assistance in identifying security flaws, and the community not only get a better product (in terms of security) overall, but they also get the chance to make some cash.

While collaboration and insight is a motivation for some, cold hard cash is still a pretty great reward. Since the beta program’s initial kickoff in April 2013, more than $100,000 has been paid out to the small fellowship of invited participants.

We’re not ready to open the program to all security researchers and enthusiasts, but we hope to share more details soon.

I think this is a great idea! Now if only I knew how to breach firewalls… brb watching Hackers.

Last Updated: November 24, 2014
