{"id":99046,"date":"2019-08-23T17:12:00","date_gmt":"2019-08-23T17:12:00","guid":{"rendered":"http:\/\/www.gamasutra.com\/view\/news\/349352"},"modified":"2019-08-23T17:12:00","modified_gmt":"2019-08-23T17:12:00","slug":"valve-tweaks-bug-bounty-program-after-mistakenly-turning-away-researchers","status":"publish","type":"post","link":"https:\/\/sickgaming.net\/blog\/2019\/08\/23\/valve-tweaks-bug-bounty-program-after-mistakenly-turning-away-researchers\/","title":{"rendered":"Valve tweaks bug bounty program after ‘mistakenly’ turning away researchers"},"content":{"rendered":"

Valve has expanded the scope of its HackerOne bug bounty program after a researcher was turned away for submitting a valid vulnerability found in Valve\u2019s game distribution platform Steam.<\/p>\n

That change to the program comes as part of a larger story covered by Ars Technica<\/a> in which two researchers had their bug bounty submissions rejected by the HackerOne campaign, and in one case being told they were no longer able to submit future bugs following the rejection.<\/p>\n

Following one of these rejections, Valve issued a statement to Ars acknowledging that the researcher was \u201cincorrectly turned away\u201d and that the idea that his report was classified as out of scope \u201cwas a mistake.\u201d<\/p>\n

\u201cOur HackerOne program rules were intended only to exclude reports of Steam being instructed to launch previously installed malware on a user\u2019s machine as that local user. Instead, misinterpretation of the rules also led to the exclusion of a more serious attack that also performed local privilege escalation through Steam,\u201d reads the statement.<\/p>\n

The new update to Valve\u2019s HackerOne program now states that those above issues do fall within the scope of the bounty program. Beyond that, Valve notes that it is reviewing the details of the situations with some researchers, likely those mentioned in Ars\u2019 report<\/a>, but will not comment on any specifics.<\/p>\n","protected":false},"excerpt":{"rendered":"

Valve has expanded the scope of its HackerOne bug bounty program after a researcher was turned away for submitting a valid vulnerability found in Valve\u2019s game distribution platform Steam. That change to the program comes as part of a larger story covered by Ars Technica in which two researchers had their bug bounty submissions rejected […]<\/p>\n","protected":false},"author":2,"featured_media":99047,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[20],"tags":[],"class_list":["post-99046","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/posts\/99046","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/comments?post=99046"}],"version-history":[{"count":0,"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/posts\/99046\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/media\/99047"}],"wp:attachment":[{"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/media?parent=99046"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/categories?post=99046"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/tags?post=99046"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}