Of course, the upper limit means errors with a high significance rate. So this means that if we can find a really serious vulnerability in Xbox, we can receive a maximum of $ 20,000 from Microsoft. However, in most cases the rewards will be much lower – after all, it is difficult to find only very significant problems related to platform security. Interestingly, DoS attacks will not be counted among the most serious ones, but those related to data leaks, spoofing, elevation of privileges, and execution of dangerous code may already be classified as those with the highest severity.
However, to receive the guarantee of receiving the highest reward, a bug bounty participant must indicate an error consisting in remote execution of malicious code of high significance and provide a high-quality, standard-compliant report. Needless to say, in any case, Microsoft must be the first to know about the existence of this error? This is a basic condition that is imposed on people who participate in bug bounty programs. It is worth noting that errors that consist in raising user rights will be honored with prizes of up to $ 8,000.