Riot Offers Large "Bug Bounty" for Finding Security Flaws in Valorant's Anti-Cheat System

General
Riot Offers Large "Bug Bounty" for Finding Security Flaws in Valorant's Anti-Cheat System

Valorant is already an immensely popular shooter despite still being in very limited closed beta testing, but some gamers have expressed concerns about its Vanguard anti-cheat system, which runs while Valorant is active. It consists of two parts: a client and an always-active kernel-mode driver that is loaded at boot time. It's pretty technical (click here if you want to know more), but the short version is that the presence of the kernel raises concerns about security and privacy risks.

Earlier this week, Riot posted an explanation of what Vanguard is and why, in Riot's view, people need not worry about it. Today, Riot followed that up with a new message that talks about his approach to security in general and his "philosophy" toward Vanguard in particular.

"Vanguard does not collect or process any more personal information than League of Legends' current anti-cheat solution does." Riot does not want to know more about you or your machine than what is necessary to maintain the high integrity of the game."

They also provided a general overview of how the system works:

Riot also put their money where their mouth is (literally) by announcing the expansion of the HackerOne bug bounty program Riot has also invested money (literally) by announcing the expansion of the HackerOne bug bounty program Riot has also invested money (literally) by announcing the expansion of the HackerOne bug bounty program Riot has also invested money (literally) by announcing the expansion of the HackerOne bug bounty program Valve, Rockstar, Microsoft as well as offering cash rewards to those who find and report security vulnerabilities in their services, and has now expanded its program to include a specific reward for Vanguard.

"Along with our new game Valorant, we have deployed Vanguard, a new anti-cheat solution that leverages kernel drivers to more effectively fight cheaters," the HackerOne page states." To reinforce our commitment to player security, we are offering a special reward of up to $100,000 for high-quality reports that demonstrate actionable exploits that leverage the Vanguard kernel driver."

[12

There are various eligibility requirements and a meeting with Riot is required to discuss the details of the reported security flaw, but as stated on the reporting page, "If Riot needs to implement code changes to fix a security bug, it is Riot's regular bug bounty program, which has been in place for six years (Riot says it has paid out about $2 million in bounties), will continue as usual.

Riot also expanded the opportunity to participate in the Valorant closed beta, announcing earlier this week that access keys are now being granted through all Valorant streams on Twitch.

Categories