Sponsored By

Valve debuts public bug bounty board in an effort to improve security

Valve is joining Nintendo, Oculus, and a litany of other tech companies in establishing a public bug bounty program to encourage folks to report security vulnerabilities in its services.

Alex Wawro, Contributor

May 10, 2018

1 Min Read
Game Developer logo in a gray background | Game Developer

The folks at Valve set up a public bug bounty board on the HackerOne platform on Monday in an effort to patch up security vulnerabilities in Steam, Valve games, and other Valve services by paying people to report them.

This is a big deal given how many people use Valve's tech (which has occasionally been breached in a very public fashion), though devs who are interested in participating should know that the bounties are only paid for work done within very specific guidelines.

Valve is joining Nintendo, Oculus, and a litany of other tech companies in establishing a public bug bounty program, years after hobbyist hacker Ruby Nealon told Ars Technica he was going to give up probing the security of Valve's services because they "giv[e] so little of a shit about people's [security] findings."

"I won't be finding bugs anymore for Valve because there are plenty of companies that appreciate the time and effort put in by security researchers," Nealon said in 2016, shortly after publicly revealing two Steam exploits, one of which allowed him to post a game on the service without Valve's permission. "See HackerOne, which is an entire platform hundreds of companies use. I felt like Valve were exploiting me."

In the three days since launch, Valve's new HackerOne bug bounty program has paid out over $108,000 in bounties (the minimum payout is $100) and publicly thanked 39 hackers. For full details about the program and what's fair game, check out Valve's HackerOne page

About the Author

Daily news, dev blogs, and stories from Game Developer straight to your inbox

You May Also Like