Sony has launched a bug bounty program that anyone can participate in, and rewards for reporting critical PS4 vulnerabilities can be up to $50,000, Sony Senior Director of Software Engineering Geoff Norton wrote on the PlayStation blog. While Sony had a bug bounty that was previously only available to private researchers, it’s now partnering with HackerOne to open the program to “the security research community, gamers and anyone else.”

PlayStation engineers are particularly interested in reports on PlayStation 4 hardware, operating system, accessories and the PlayStation Network, according to its bug bounty page on HackerOne. A report for a low-priority issue on PlayStation 4 would start at $500, while a critical issue could net up to $50,000. Reports for the PlayStation Network pay a little less — low priority issues start at $100 while critical issues pay $3,000.Companies like Apple, Google and Netflix have their own public bug bounties as well, so it’s not surprising to see Sony launch something for the PlayStation brand.

Security holes that leave the Xbox Live network vulnerable to spoofing attacks can earn researchers up to $5,000, for instance. Remote code execution exploits pay the most — from $10,000 to $20,000 — so long as they’re previously unreported vulnerabilities found in the latest version of Xbox Live.

Those who want to send in a submission will have to include reproducible steps to be able to claim a reward. And while the program covers quite a few different types of vulnerabilities, some things are out of scope, such as DDoS issues and URL Redirects.

The Xbox Live program is but one of the bug bounty programs Microsoft is running for its products and services. Some of them have a reward cap of $15,000, but the biggest program overall promises up to $300,000 for the most severe vulnerabilities found in the company’s Azure cloud computing services.

Now live!

The new Apple Security Bounty! https://t.co/T4A2vTGSnM

The new Apple Platform Security guide, featuring Mac for the first time!https://t.co/76qglenmif

(PDF version: https://t.co/8F4kb8izgD)

My Black Hat 2019 talk: https://t.co/bqs6A3VAQ8

Happy holidays!

— Ivan Krstić (@radian) December 20, 2019

The company has also published an information page detailing the program’s scope, rules and rewards — as you can see, vulnerabilities that could lead to network attacks without user interaction have the highest possible payouts, ranging from $250,000 to $1 million. In order to be eligible for a reward, the issue must be found in the latest publicly available versions of the company’s software and, if relevant, the latest hardware.

Researchers who find issues in developer and public betas could also get a 50 percent bonus, probably because discovering them will allow the company to conjure up a fix before they land on most users’ devices. As ZDNet notes, though, Apple has pretty stringent requirements to be able to claim rewards, including the submission of functional exploits for the issues being reported.

This might not go as far as some would like, since the permission requirement leaves researchers in a tough spot. While this increases the chances that a third party will be aware of and fix a data flaw, it also creates problems if the app or site creator doesn’t consent to testing. This doesn’t stop tests, but an investigator may have to accept that neither Facebook nor the third party will pay up.

So long as most companies cooperate, though, this could lead to more disclosures and better controls for your data. Facebook has a strong financial motivation to pay more, too. Whatever it spends on bounty rewards it might save by avoiding government fines for its data security.

You know who’s going to need some more, more, mooooooore Beyond Meat deliveries? KFC. The fried chicken chain made headlines this week when ravenous hordes of vegetarians descended upon one Atlanta franchise to try the company’s new chickenless nuggets, locusting through the stock of very-nearly-poultry in just a few hours.

Android users can rest easy knowing that their trusted apps are now even more, more, mooooooore secure thanks to Google’s expanded bug bounty program. More than a 100 million apps are eligible, which should give white hat hackers plenty of potential targets.

Save more, more, mooooooore than 39 percent off the full price of Disney+ if you prepay for three years. And if you think I won’t keep this bit up for the entirety of the post you’ll be wrong, wrong, wrooooooong.

Look, Netflix, I’m not trying to tell you how to run your business but when the knockoff streaming site that’s pirating your content has more, more, mooooooore content than you do, things might not be going as great as you think.

What more can I say, it’s right there in the headline. Oh wait no, the bit!

Google’s expanded initiative, called the Google Play Security Reward Program, offers rewards to developers who uncover issues in apps on the Play Store. Previously, the program only covered a set list of eight top apps, but now any app from the Play Store with more than 100 million installs is fair game. If developers discover and disclose a vulnerability in an app to Google, they can claim bounties of up to $30,000.

Typical bug bounty programs are run by companies to offer rewards to people who find security issues within the company’s own software. This program is unusual in that it offers bounties for finding vulnerabilities in other company’s apps as well.

“This opens the door for security researchers to help hundreds of organizations identify and fix vulnerabilities in their apps,” a Google spokesperson said. If an app developer has its own bug bounty program, bugs can be claimed from both the app developers and Google.

In addition, Google is launching a Developer Data Protection Reward Program to hunt down “data abuse issues” in Android apps, OAuth projects and Chrome extensions. This means findings apps which are using or selling users’ data without user consent. If a data abusing app or extension is reported to the program, it will be removed from the Play Store or the Chrome Web Store and the bug hunter will receive a payment of up to $50,000.

By including its other operating systems, Apple is extending the bug bounty program that it first launched for iOS in 2016. Researchers who discover security flaws that affect platforms other than iOS are eligible to receive payouts as large as $200,000. That is the same price Apple initially offered as a maximum reward for its iOS program. The company boosted that payout to $1 million today, only for iOS flaws that allow an attacker to gain full access to an iPhone or iPad without any physical interaction with the device. The company also added a $500,000 tier reward for security shortcomings that allow hackers to access user data.

Extending its bug bounty program to all of its platforms is a long time coming for Apple, and perhaps motivated by people withholding disclosure of bugs because of the lack of incentive. Earlier this year, a security researcher revealed that he discovered a flaw in macOS that could expose user passwords but refused to provide details to Apple because of the lack of a bounty program for the operating system.

Apparently, the tech giant plans to provide researchers part of its invite-only bug bounty program with iPhones that aren’t as locked down as the consumer version. Forbes says they won’t be as open as the ones reserved for the company’s employees, but they might be open enough to give researchers a way to look at the device more closely. The phones could, for instance, give the participants a way to inspect parts of the OS or specific components, such as the memory, to look for vulnerabilities.

In addition, the company is reportedly launching its long-delayed bug bounty program for Mac. Earlier this year, a researcher discovered an exploit that would allow bad actors to grab passwords from login and system keychains without requiring administrator privileges. He refused to tell Apple the vulnerability’s details, however, to protest the fact that its bug bounty program only pays out for iOS bugs and not for macOS ones.

As Patrick Wardle, principal security researcher at Jamf that found several issues in macOS, told Forbes: “If you’re a large, well-resourced company such as Apple, who claims to place a premium on security, having a bug-bounty program is a no brainer.” Providing rewards to security researchers for uncovering flaws in hardware and software could compel them to report the vulnerabilities to the company, making Apple’s products safer and more secure.