Big Money in League of Legends

Riot Games, developers of the profoundly successful League of Legends, have paid out over $100,000 (£63,000) to security specialists via their “bug bounty program”. Mark James discusses the pros and cons of this kind of system.


In a recent press release, Riot Games spoke in detail about their bug bounty system, stating that they have paid out “more than $100,000” for “more than 75 bugs, vulnerabilities, and exploits” since April 2013, when the program began in earnest.

Currently they work with a small and select group of security specialists but give the impression that they will roll the program out to a wider audience in the future.


“A fraction of the cost”


“I think this type of program definitely has a place for finding bugs,” says Mark James, ESET security specialist.

“It’s a great way to get the community to find your vulnerabilities and pay them a fraction of the cost that a dedicated programmer would cost.”

Riot isn’t the only company to employ this kind of “bounty” system for finding flaws in their systems: PayPal have a similar system in place, and there are whole events run to find bugs for prizes.


“As long as we understand…”


Mark did have a caveat for his general praise of the program and similar programs being employed.

“As long as we understand the difference between vulnerabilities and bugs and make sure we don’t substitute good company practices like user education against targeted attacks in place of having someone find bugs for us.”

“These methods should be employed alongside all the existing methods already in place to safeguard data.”

I completely agree, and although this could convert a few would-be hackers from black hats to blue, grey or white hats, “there will be no shortage of people willing to find bugs for payment just as there is no shortage of people who will exploit these bugs to sell data on for monetary gain.”

Overall I really like this kind of program, particularly in a game, and in this case a game that has a huge audience and huge competitions with huge prize pools: $2.8m at their world championship.

It’s a brilliant way to build a strong community that won’t accept hacking in any form and knows that they can have an impact on the game, as opposed to just sitting at their keyboard and complaining.


We’d love to have you share your opinion on our LinkedIn group!

What do you think of this program and programs like it? Is it something you’d want to get involved with?