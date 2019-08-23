Gamasutra is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


Gamasutra: The Art & Business of Making Gamesspacer
SEARCH
GO
GAME JOBS
updates Blogs contractors newsletter Game Career Guide
SEARCH
GO

arrow
PROGRAMMING
spacer
ART
spacer
AUDIO
arrow
DESIGN
arrow
PRODUCTION
arrow
BIZ/MARKETING

arrowLatest Jobs
View All     RSS
August 23, 2019
arrowLatest Blogs
View All     Post     RSS
August 23, 2019
arrowPress Releases
August 23, 2019
Games Press
View All     RSS
arrowAbout
Contact Gamasutra
Report a Problem
Submit News
Comment Guidelines
Blogging Guidelines
How We Work
Download Media Kit
Sponsor
arrowGama Network
If you enjoy reading this site, you might also want to check out these UBM Tech sites:
Game Career Guide
Indie Games

Valve tweaks bug bounty program after 'mistakenly' turning away researchers

Valve tweaks bug bounty program after 'mistakenly' turning away researchers

August 23, 2019 | By Alissa McAloon
August 23, 2019 | By Alissa McAloon
Comments
    Post A Comment
More: Console/PC

Valve has expanded the scope of its HackerOne bug bounty program after a researcher was turned away for submitting a valid vulnerability found in Valve’s game distribution platform Steam.

That change to the program comes as part of a larger story covered by Ars Technica in which two researchers had their bug bounty submissions rejected by the HackerOne campaign, and in one case being told they were no longer able to submit future bugs following the rejection.

Following one of these rejections, Valve issued a statement to Ars acknowledging that the researcher was “incorrectly turned away” and that the idea that his report was classified as out of scope “was a mistake.”

“Our HackerOne program rules were intended only to exclude reports of Steam being instructed to launch previously installed malware on a user’s machine as that local user. Instead, misinterpretation of the rules also led to the exclusion of a more serious attack that also performed local privilege escalation through Steam,” reads the statement.

The new update to Valve’s HackerOne program now states that those above issues do fall within the scope of the bounty program. Beyond that, Valve notes that it is reviewing the details of the situations with some researchers, likely those mentioned in Ars’ report, but will not comment on any specifics.

Related Jobs

HB Studios
HB Studios — Lunenburg/Halifax, Nova Scotia, Canada
[08.23.19]
Experienced Software Engineer
Sparx* - Virtuos Vietnam
Sparx* - Virtuos Vietnam — Ho Chi Minh, Vietnam
[08.23.19]
Lead Real-time VFX
Square Enix Co., Ltd.
Square Enix Co., Ltd. — Tokyo, Japan
[08.23.19]
Experienced Game Developer
Sony PlayStation
Sony PlayStation — San Mateo, California, United States
[08.22.19]
Head of Global Portfolio and Acquisitions


[View All Jobs]




[Next News Story]    [View All]


Loading Comments
loader image