Riot Wants To Pay You For Finding League Of Legends Exploits

Isn't that backwards? Do you really want people actively looking for exploits in your game that could be used for anything from slight gameplay advantages to stealing identities? Well, if said exploits are, uh, exploited, it's a terrible idea for sure. On the other hand, if you give Riot a heads-up instead of being an evildoer, it'll give you some real coin for your work.

Yesterday, Riot announced that it's preparing to launch a "publicly accessible bounty program" so players and other interested parties can contribute to the security of League of Legends and the company's websites. Rather than just leave it at a simple reporting service, those who do dig up some juicy flaws will be rewarded for their efforts.

While it's current state is a "closed beta", the initiative has already proven fruitful:

Currently in closed beta, The Riot Bug Bounty program is only available to a few security professionals who we've already identified. These professionals have helped us squish more than 75 bugs, vulnerabilities and exploits, including client crash exploits, vision related exploits, and vulnerabilities that could potentially lead to player impersonation on forums.

...

While collaboration and insight is a motivation for some, cold hard cash is still a pretty great reward. Since the beta program’s initial kickoff in April 2013, more than $100,000 has been paid out to the small fellowship of invited participants.

There's no mention of a release date, so to speak, with Riot still hammering out a good "foundational workflow", but given it's a very unusual thing for a game developer to do (and a potential can of worms if not handled correctly) you can understand why it might be taking its time to get it right.

THE HUNT IS ON: INTRODUCING RIOT'S BUG BOUNTY PROGRAM [Riot Games]

Image: Riot Games


Comments

    Isn’t that backwards? Do you really want people actively looking for exploits in your game that could be used for anything from slight gameplay advantages to stealing identities? People are always actively looking for exploits in anything and most are more than willing to share that knowledge for the right price. Besides, this kind of thing has been going on for years in the browser world with events like Pwn2Own and Pwnium.

    I think with the amount of games that are released broken these days, all companies should be considering doing this also!

Join the discussion!

Trending Stories Right Now