Home Gaming It pays to squish bugs with the Riot Bug Bounty program

It pays to squish bugs with the Riot Bug Bounty program

2 min read


Hacking is a mystery to me. All I know is that no matter how tight an organisation thinks their security is, someone somewhere can roll their face across their keyboard (skillfully) and either gain access to confidential information, or cause havoc with the likes of a DDos attack. Riot Games, the almighty creators of League of Legends, are not new to these hazards, having been the victim of several attacks over the past few years. They’re looking to pay people to help them stomp out any security bugs.

This incentive came about thanks to Jamieson O’Reilly, an Australian security researcher who decided to test his know-how against Riot – not for personal gain, but rather to see if any flaws or loopholes existed (via Riot Games)

“To be honest, what attracted me to test Riot was that I looked everywhere for Riot’s vulnerabilities and since there were none, it was more of a challenge to me as a security researcher to be one of the first to find something.”

There was no channel for him to officially contact Riot with his findings, which forced him to send an email to Riot’s @info inbox. It only reached somebody of importance a week later. Riot saw this and knew they had to put a better system in place.

To solve this, we’ve spent the last year testing a publicly accessible bounty program that provides an official channel for security bug reports, and a mechanism to reward researchers who responsibly share important security issues we haven’t identified.

Currently in closed beta, The Riot Bug Bounty program is only available to a few security professionals who we’ve already identified.  These professionals have helped us squish more than 75 bugs, vulnerabilities, and exploits, including client crash exploits, vision related exploits, and vulnerabilities that could potentially lead to player impersonation on forums.

It’s a win-win for both Riot and the community. Riot get invaluable assistance in identifying security flaws, and the community not only get a better product (in terms of security) overall, but they also get the chance to make some cash.

While collaboration and insight is a motivation for some, cold hard cash is still a pretty great reward. Since the beta program’s initial kickoff in April 2013, more than $100,000 has been paid out to the small fellowship of invited participants.

We’re not ready to open the program to all security researchers and enthusiasts, but we hope to share more details soon

I think this is a great idea! Now if only I knew how to breach firewalls… brb watching Hackers.

(Header Source)

Last Updated: November 24, 2014


  1. I quite like this. Many so called “white hackers” make a living doing precisely this – so it makes sense that game devs would follow in the footsteps of other companies.

    As you said, it’s a win-win.


  2. Hammersteyn

    November 24, 2014 at 14:43

    I wondered what the sequel to LOL would be called if any? Maybe ROFL? Rise of Fallen Legends? 😛


    • Splooshypooh

      November 24, 2014 at 14:47

      Teehee… (refresh)


      • Hammersteyn

        November 24, 2014 at 15:04



  3. Brady miaau

    November 24, 2014 at 14:45

    Ok, I just read parts of the Hackers wiki entry. They spent time with computer people before the movie? Holy crap, it does not seem like that in the movie.

    I love CSI’s national shoeprint database or the like. Classic


    • ToshZA

      November 24, 2014 at 14:49

      lol, it was made in the 90’s. You can’t expect too much accuracy – back then the public didn’t care about realism. 🙂


    • Alien Emperor Trevor

      November 24, 2014 at 14:51

      My favourite is always the one about how a tyre tread can be matched to a specific car.


      • Sir Rants A Lot is a DADDY

        November 24, 2014 at 14:52

        Or how you chase the IP


        • Alien Emperor Trevor

          November 24, 2014 at 14:53

          Let’s not forget the classic “keep him on the line so we can trace the call… damn, just not long enough.”


          • Sir Rants A Lot is a DADDY

            November 24, 2014 at 14:54

            and hiding the info at the end of a modified game

  4. Admiral Chief Wang

    November 24, 2014 at 15:21



  5. Mark Vincer

    November 24, 2014 at 16:17

    To quote every TV hacker ever…”Just spoof the IP”


Leave a Reply

Your email address will not be published. Required fields are marked *

Check Also

Valorant’s next character is KAY/O, a silencing robot

Usually one suppresses the enemy with a gun rather than a blade but clearly Valorant knows…