As the developers of arguably the most popular game in history. Riot Games recently announced a new incentive that will see players and security enthusiasts get rewarded for identifying weaknesses in the League of Legends client and security measures.
A short time ago an individual researching into common security practices and protocols discovered a vulnerability in the League of Legends client and proceeded to contact Riot Games with the hopes of making them aware of the problem. Sadly however it took over a week before Riot’s security team actually got around to investigating the claim. Riot have since acknowledged that this response time is not acceptable and will soon launch a new incentive program to help solve the problem.
[quote cite=”Riot Games, Official Blog”]
“No software connected to the internet can be considered 100 percent secure. We know that smart people all over the world poke at our software, websites and infrastructure, looking for weaknesses. Some will successfully find security vulnerabilities. When this happens, it’s critical that we become aware of the vulnerability ASAP so that we can fix it before it’s widely abused.
The people who find these flaws make up a diverse community whose motivations range from curiosity to malicious intent, and everything in between. Unfortunately, there was no efficient way for the good guys to to report security bugs. Nor was there a clear incentive to do so.”[/quote]
The new Bug Bounty program is currently only available to a few hand-selected members of the online security industry but it has been recorded that the developers have already paid out over $100,000 to those reporting the problems.
More information is expected to be available “soon”.
Source: Official Website