Game Companies Pay for Community Assistance
(Image credit: Rockstar Games)
HackerOne makes gaming safer for all
Who would have thought that a game centered around crime would reward their community for helping find and fix issues? It turns out Rockstar Games and many others have joined a program that has been around since 2012, called HackerOne. It has provided compensation to players who help patch and protect the community of businesses that purchase their services. The focus was drawn on the company when Rockstar Games recognized a gamer for his direct contributions on PC in their latest patch notes. The Load Screen covers the program and companies it supports, where tech-savvy players can earn money for fixes that help others.
Rockstar Games just rewarded a player with the username tOst and gave him their thanks publicly, but his impact is going to benefit any PC player when they enjoy significantly reduced load times. He correctly identified a core issue that limited PCs from processing data efficiently which Rockstar Games resolved. They recognized the tech-savvy fan in a direct reference on the GTAV Title Update 1.53 Notes page but it is the GTAV PC community that gains from his work.
The gaming company and many others reward outside help through a partnership with HackerOne, a company that specializes in community-based solutions for testing software weaknesses. In 2016, Rockstar Games saw the insight of using that program to reveal and resolve hidden vulnerabilities. They made a public statement about the new program a few months later in this Rockstar Games Public Bug Bounty Program article. Their titles covered by the programs include Red Dead Redemption, Max Payne, L.A. Noire, Bully, and of course Grand Theft Auto. Although the developer does not handle all online issues that occur with their products through the HackerOne service, issues such as glitches get reported to Rockstar Games Support page directly.
So, what is HackerOne and what do they do? According to the HackerOne company page, they are a security platform founded by ethical hackers and security leaders that partners with the global hacker community to find relevant security issues for their customers. They offer three main services: retesting of vulnerabilities, splitting of bounties for a group solution, and direct management. It was founded in 2012 with the focus on making the internet safer which now has offices in the Netherlands, Singapore, England, and the United States of America.
Many non-gaming industry companies have bought into and utilize all three features of HackerOne. Some of them represent industry leaders such as Airbnb, Logitech, Dropbox, PayPal, Vimeo, Spotify, TikTok, Starbucks, Uber, Glassdoor, and Citrix Systems. These represent only a few of the customers who are directly managed by the HackerOne group that allows for retesting and bounty splitting from its community of hackers. They offer their products in various levels which allows AT&T, IBM, Adobe, Sony, and KeyBank to employ only their professional management. See the HackerOne Directory page for the complete list of active programs.
Even within the gaming industry, there are many HackerOne clients, not just Rockstar Games. The directory shows heavy hitters such as Nintendo and PlayStation operate several of their programs. In fact, the PlayStation Bug Bounty Program was officially announced in this PlayStation Blog article from June 2020 to draw further attention to their player base. In that post, the company lists some high-dollar bounties, including critical PS4 vulnerabilities starting at $50,000!
(Image credit: Valve Corporation)
Not every gaming company offers such high rewards, but many others utilize HackerOne with large player bases like Roblox, PUBG, and even Valve Corporation. Company commitments show up on the Valve Software security page with direct references to their HackerOne security program. On the HackerOne Valve page, the bounties range in price depending on the issue’s game and impact. For instance, Steam, CS: GO, Dota2, and Half-Life: Alyx can earn an honorable hacker up to $7,500 per critical issue.
Most problems players experience is not vulnerabilities that HackerOne would cover. However, the helpful gamer can report issues directly to the publishers or service providers in cases akin to cheating. The praised solution by tOst was likely not compensated directly through the Rockstar Games HackerOne program. The issue he resolved did not leave the GTAV player base open to attack, just prevented extended loading times. Cash incentives for ethical hacking is a concept that resonates with hundreds of companies that HackerOne calls clients. The Load Screen team applauds any group that makes gaming safer, and HackerOne is a company that strives for a sounder environment for all.