Intrepid should hire a Manfred or set up a bug bounty program

So who or what is Manfred? https://darknetdiaries.com/episode/7/ (fascinating 2 podcast episodes)
Its the name off a hacker and mmorpg player. He played the game, knows it inside out, then he starts to hack it and find what is possible. Getting lots of gold, experience, talent points, destroying ppl's houses.. Then went to ebay and sold items, gold etc. He reported the vulnerabilities to the devs but he just gets banned.

The fact is every mmorpg has flaws in the code he could exploit. So you need Someone like him who tests your environment. Or set up a bounty program and reward players with cash if they find real exploits.

Many will have seen the South Park episode World of War craft. There was this fat guy killing everyone, that was basicly Manfred. Then he gets banned. I think AoC should have a weapon called Sword of a thousand truths for nostalgia sake and an honor to SP.. For one of the best episodes. (make it strong and legendary).
Thanks for reading 😉

Edit: setting up a bug bounty program https://www.aon.com/cyber-solutions/thinking/set-up-bug-bounty-program-ten-steps/

Find more posts tagged with

Comments

Wandering Mist

In theory the studio's internal QA testers should pick up most of the bugs and exploits before the game is released to the public, but as we all know there is always things that slip through, or can't be fixed in time for release.

The problem is that a lot of studios take it personally when the players discover exploits of weaknesses, even if the players found the exploit by accident. Yesterday I posted on here about a recent incident where a Fallout76 player got banned for reporting an exploit, which just goes to show how insecure some developers are. I hope Intrepid will be smarter than that and actually work with the players rather than against them, but time will tell on that.

Damokles

I think that this would be a good idea. Have you ever watched the spiffing brit? He makes videos about such bugs, and they are really entertaining, some of the methods are so crazy, that no one would ever get those ideas (except if you knew how some of those bugs work).
He recently made videos about the outer worlds with an infinite item bug, or unlimited stats in elder scrolls oblivion.

My opinion is that many game studios dont really test many games that rigurously anymore, and just let players in their betas do the work. Another fact is that QA testers get the least amount of resources or recognition in the gaming industry.

unknown

This content has been removed.

sunfrog

Manfred must die.

Nagash

No manfred

Noaani

leamese wrote: »

Or set up a bounty program and reward players with cash if they find real exploits.

Microsoft and Google both have long standing programs like this, and I think (though don't quote me on this) Apple does too.

I personally think it is one of the best ways to deal with potential hacks. Set up a section of the forum where you can only see threads you have started yourself, and ask people to post exploits they have found there.

If someone (or several someones) report an exploit that is new to the development team, reward them with subscription time on their account.

This provides a carrot to contrast with the stick of banning accounts that make use of exploits and such.

leamese

Most big tech have a bounty program apple sure does too. Security should be at the foundation to writing code, but that's hardly the case. I hope intrepid will be mature enough to not ban ppl for reporting an exploit and solve the issue and fix the code.

Rewards can differ from embers, subscription time to cold hard cash for exploits that give unlimited gold or something (which is gevestigd in a competitive world.

I would love to see a bounty program. I will ask that for the next live stream QnA.
I must say I will be kinda disappointed if there will be no bounty program.

leamese

How to set up a bug bounty program : https://www.aon.com/cyber-solutions/thinking/set-up-bug-bounty-program-ten-steps/

Noaani

leamese wrote: »

I must say I will be kinda disappointed if there will be no bounty program.

Being disappointed that Ashes doesn't have a thing that no other MMORPG has seems... odd.

leamese

noaani wrote: »

leamese wrote: »

I must say I will be kinda disappointed if there will be no bounty program.

Being disappointed that Ashes doesn't have a thing that no other MMORPG has seems... odd.

It's personal opinion/feeling. I am a system/security engineer and I find it really important. Not because other companies don't do it, Ashes shouldn't do it too. If everyone follows that philosophy we would get nowhere.

Noaani

leamese wrote: »

noaani wrote: »

leamese wrote: »

I must say I will be kinda disappointed if there will be no bounty program.

Being disappointed that Ashes doesn't have a thing that no other MMORPG has seems... odd.

It's personal opinion/feeling. I am a system/security engineer and I find it really important. Not because other companies don't do it, Ashes shouldn't do it too. If everyone follows that philosophy we would get nowhere.

I'm not saying it isn't something you should want.

I want it too. I think it would be great if Ashes had it.

However, I'm not going to be disappointed if Ashes doesn't have it because I have no reason to be. If the only examples of companies that have it that we can find are Microsoft, Google and Apple - three of the biggest companies on the planet - you really can't be disappointed if a startup doesn't have it.

It's just not logical - personal opinion/feelings or not.

leamese

I want to avoid a fallout 76 scenario mentioned above. Also important is the ideology and stance that intrepid takes. And its beneficial to think about it in advance, not when major exploits pop up an get reported. Ok. What is the risk reward to set this up? It can be low level and not expensive.. Depends on the implementation

leamese

Confirmed in the 17/12 livestream. There will be a bug bounty program to report vulnerabilities and exploits. Thanks intrepid

Atama

leamese wrote: »

Confirmed in the 17/12 livestream. There will be a bug bounty program to report vulnerabilities and exploits. Thanks intrepid

That just means you’ll be doubly disappointed when it doesn’t happen.

unknown

This content has been removed.

Makinoji

...

Child Item