Devblog 48: Bug/Hack report/reward system

"EAC have been patching in the background. We were seeing problems with an error about SP2, that’s fixed. You should also be able to play on Windows 10 now.

It’s probably a good time to explain why we have these EAC guys working at this instead of doing it ourselves. We didn’t get into game development to fight these battles. Having a bunch of guys who specialise in this kind of stuff means we can concentrate on game development. Which is where we should be focusing all of our attention. And so far it’s working. There are hacks for Rust – there always are going to be. But there are a lot less hacks for the current version than there were for Legacy.

Something I’ve been considering lately. There are situations where someone will find an exploit, or a way around EAC, and they’ll keep it a secret. Would it be a good idea to start a kind of reward system – where people revealing ways around our anti-cheat solutions would get a cash reward for reporting unreported exploits?"

Well this combined with the networking changes (moving to raknet) is all very good to hear.

The rewards system— I think thats an awesome idea! IMO a great reward would be (after final approval or something) would be a giftable copy of the game. I mean, it has a direct value on it, it will help build the player base and community, and if anyone playing this game cares enough about the game to report massive glitches/hacks I am sure that they would be more than happy with an extra copy of Rust to gift to a friend.

Anyone else have any ideas on this?

I was just going to post something about this. I think real $$ is better, and to perhaps have different reward levels based upon the severity/complexity of the exploit or cheat.

you will be surprised how many exploits you could find if you offered cash reward, money talks over the small advantage one would get by keeping it to them selves.

Yea that would be the drawback of game copies, there is not a linear scale for rewards. Im not sure if it would even be possible to have a reliable real money system, or if there would be any Tax issues with it (I honestly have no idea), but that would be unreal.

Is there such a thing as gift certificates on steam? If they could have codes for different size gift certs that would be almost equivalent to cash IMO. Would love to knock some cost off of Project Cars when it releases.

Mabye games from facepunch or rust cards, anything!

Of course, then you will have to read a lot of people trying to post false exploits in order to get money, or w/e they think is an exploit.

“Oh I entered a house once when I saw the door opened and the owner of the house said it was closed, it is an exploit, plz reward me”.

That doesn’t work exactly as expected.

I’m sure FP isn’t stupid enough to accept every request as absolute fact, and the process of submitting an exploit would probably involve the following:

1. Exact detailed steps to perform said exploit.
2. Version of Rust said exploit was performed on.
3. What server the exploit was performed on, or if it was performed on a server the particular client made.
4. Logs of server/game activities.

Probably a good bit more than that and in a good bit more detail, but the exploit would have to be something that FP/EAC could reproduce themselves on the codebases of the game they are releasing to the public (dev and stable).

If the requested information is not present in your claim, it is disregarded by FP/EAC until you provide said information.

If FP/EAC can’t reproduce it via the information they acquired, then it isn’t a valid exploit and you get no reward.

You’re gonna run into big ol’ issues when multiple people submit the same bug/exploit within a relatively short period of time and you have upset folks asking why they’re not getting their reward

It seems premature to do this now considering the stage of development. Knowledge of exploits seems to spread pretty quickly now as it is.

On the topic of cash rewards, I wonder where the money paid out will come from. If the money comes from their pockets, or from their finished games, then I can imagine no one would have a true issue with it. But if the money is coming from what they have made through Rust, I can imagine there will be quite a few ethical boundaries to push through, with the game still being in early access and all.

Personally, I approve of this sort of system, regardless. It has proven to be effective, with our own government regularly employing hackers and the like to keep our global defenses up to snuff.

What ethical boundaries? How do you distinguish whether the money is from Rust or from GMod?

Some developers do not know how to keep their mouths shut. :wink: In any case, I am not a huge fan of political correctness. I gave you and Facepunch my money, got my hundreds of hours in, and for all I know, you all could have used it to buy strippers and cheap booze - I would not care.

I don’t care what they do with the money they earned as long as they keep making games. It’s their business, and their choice. My clients don’t come and check on how I spend the money they pay me with.

Sounds like a great incentive. When my sites have been hacked and i’ve found the person doing it they’ve been more than helpful if you don’t treat them like dirt… They are just curious kids most the time - and to be honest their skills sometimes are beyond epic.

Bingo. They can spend it on hookers and blow for all I care, as long as the work continues on the game. Garry and Co. have earned their well deserved money.

Agreed. For the relatively low price I paid for the game, I have seen enough effort out of FP and Garry to safely say my $ went to game development.

And I am sure if anyone interested in buying Rust sees something about “Earn money back for useful feedback!”, they will be very intrigued.

Seriously though, steam gift certificates-- is there such a thing? I think this may be the best option (if they are not mythical) since its not like they are every going to put the $ back in your paypal/credit card. Not if it is going through steam, and not if it is not a direct refund for a purchase.

Personally I see no difference with a cash incentive, and employing paid testers to stress test the systems in-house. They’re one and the same and will, in both cases achieve good results.

However, it has been proven time and time again that a community will always bring to light flaws in systems, that small groups of developers will undoubtedly miss.

I do doubt though, that the Rust community would truly have issues with incentive payouts being made from Rust titles sales etc. After all, the income from copies of rust is already pumped back into further development (as proven by the progress made over the past few months) and I’m sure all would agree that strengthening the game “security” is as high a priority as core development itself?

I for one also welcome this move, I think its a bold strategy that would work very well in reducing the amount of hacks / exploits in the game.

I think it’d be cool if you could get like custom nametags or default-server-consistent unique clothing item bp’s as an option instead of cash.

how much cash? cause alot of people make alot of money from selling the methods

First come first serve. These forums have time stamps. It’s stupid easy to see who reported it first.