h1 Qualifying Vulnerabilities The Secure@Sony team is interested in the following types of vulnerabilities: Cross-Site Scripting (XSS) Cross-Site Request Forgery (CSRF) Unauthorized Cross-Tenant Data Tampering or Access (for multi-tenant services) Insecure Direct Object References Injection Vulnerabilities Authentication Vulnerabilities Server-Side Code Execution Privilege Escalation Significant Security Misconfiguration (when not caused by user) Directory Traversal Information Disclosure Open Redirects Sony Product Vulnerabilities (specific to the Sony designed/controlled components of the product) Sony reserves the right to reject any submission that we, in our sole discretion, determine does not meet the above criteria. Submissions that require manipulation of data, network access, or physical attack against Sony offices or data centers and/or social engineering of our service desk, employees or contractors will not be accepted. Submissions that result in the alteration or theft of Sony data, or the interruption or degradation of Sony systems will not be accepted.
Аттракцион невиданной щедрости прям...тогда понятно почему серваки Сони от школоты из анонимусов до всяких северокорейцев ломают регулярно