Riot Games is building the foundation for a “Bug Bounty” program that will pay users for information on hacks and exploits in League of Legends.
The program is still in closed beta accessible to only a select few, but has already paid out over $100,000 to those reporting issues. It’s always been possible to find a hole in security or a bug to exploit for malicious tomfoolery, but the process of reporting said issues to Riot could take upwards of a full week for them to receive and make note of. Riot made a post to their blog explaining why the felt this was a necessary step to support their game:
No software connected to the internet can be considered 100% secure. We know that smart people all over the world poke at our software, websites, and infrastructure, looking for weaknesses. Some will successfully find security vulnerabilities. When this happens, it’s critical that we become aware of the vulnerability ASAP so that we can fix it before it’s widely abused.
The people who find these flaws make up a diverse community whose motivations range from curiosity to malicious intent, and everything in between. Unfortunately, there was no efficient way for the good guys to report security bugs. Nor was there a clear incentive to do so.
The blog post goes into more detail as to why they wanted to go into this direction and notes that while the program is still in a closed beta, the current contributors have already “helped [Riot] squish more than 75 bugs, vulnerabilities, and exploits, including client crash exploits, vision related exploits, and vulnerabilities that could potentially lead to player impersonation on forums.”
Riot has always supported League of Legends fiercely, and this new focus on incentivizing help with security and bug squashing is an even further step in the right direction. Take notes, Ubisoft.
