In the League of Legends world, your nexus is protected from outside threats by a strong team of diverse champions. It’s similar to how you should approach security in the real world, and wouldn’t it be better to have more and better champions working on your team?
“If you're going into a bush blind, you don't know what's going to happen,” says David Rook, Riot Games’ product lead of application security, in a recent blog post aptly titled Why We Pay Hackers to Break Us.
“We see that as similar to security; if we don't know about these security problems, then malicious people can exploit them.”
Riot Games runs a bug bounty program with HackerOne, bringing together, and rewarding, some of the best white-hat hacker champions in the world. Their bug bounty program has paid out more than $1 million, and they attribute its success to the respect they have for the hacker.
That one time we sent Riot Games a cake :)
Riot shows respect to hackers by giving a clear set of rules, treating them as part of the team, keeping the program simple, and appreciating the time and effort hackers put into their work.
In a bug bounty program, “appreciation” generally means payouts, and Riot Games is towards the top of their sector in payouts. In fact, they’ve paid out more than $10,000 for serious bugs, and they give more reasons as to why they do it on their blog. Check it out.