Isn't that backwards? Do you really want people actively looking for exploits in your game that could be used for anything from slight gameplay advantages to stealing identities? Well, if said exploits are, uh, exploited, it's a terrible idea for sure. On the other hand, if you give Riot a heads-up instead of being an evildoer, it'll give you some real coin for your work.
Yesterday, Riot announced that it's preparing to launch a "publicly accessible bounty program" so players and other interested parties can contribute to the security of League of Legends and the company's websites. Rather than just leave it at a simple reporting service, those who do dig up some juicy flaws will be rewarded for their efforts.
While its current state is a "closed beta", the initiative has already proven fruitful:
Currently in closed beta, The Riot Bug Bounty program is only available to a few security professionals who we've already identified. These professionals have helped us squish more than 75 bugs, vulnerabilities and exploits, including client crash exploits, vision related exploits, and vulnerabilities that could potentially lead to player impersonation on forums.
While collaboration and insight is a motivation for some, cold hard cash is still a pretty great reward. Since the beta program’s initial kickoff in April 2013, more than $100,000 has been paid out to the small fellowship of invited participants.
There's no mention of a release date, so to speak, with Riot still hammering out a good "foundational workflow", but given it's a very unusual thing for a game developer to do (and a potential can of worms if not handled correctly) you can understand why it might be taking its time to get it right.