playstation.com

Legal

UK Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) Regulations 2023

Information on minimum security update periods

For details on the minimum security update period for your product please refer to the table below

Product Description (Model Number)

Minimum Security Update Period

PlayStation 5 (CFI-7021, CFI-2016, CFI-1216A, CFI-1216B, CFI-1116A, CFI-1116B, CFI-1016A, CFI-1016B)

April 2027

PlayStation 4 (CUH-2216A, CUH-2216B)

April 2027

PlayStation Portal Remote Player (CFI-Y1016)

April 2027

Pulse Elite Wireless Headset (CFI-ZWH2)

April 2027

Pulse Explore Wireless Earbuds (CFI-ZWE1)

April 2027

*The defined support period is the minimum period PlayStation will provide security updates for the listed products. This period may be updated from time to time and updates will be posted on this webpage. Note that this information only covers security updates and does not guarantee the availability of PlayStation's online services.

Information on how to report security issues

Sony Interactive Entertainment supports both the PlayStation bug bounty program for certain PlayStation products and the Sony Global security program for all other Sony assets not covered by the PlayStation bug bounty program. Our global information security team is dedicated to protecting our assets, services, products, and customer information. We value the research community's contributions to our security and welcome collaboration.

 We accept reports of vulnerabilities that could compromise the integrity, availability, or confidentiality of our products, services, or IT infrastructure, provided they meet our submission guidelines (find out more in the links below).

PlayStation Products 

To find out which products are included in the PlayStation bug bounty program, please visit https://hackerone.com/playstation/policy_scopes

From here you can submit a vulnerability report directly using the button at the top of the page, or by following this link: https://hackerone.com/playstation

Sony Products

For all other Sony assets, please report it through Secure@Sony: https://secure.sony.com/ which includes a tab on submitting a vulnerability report. 

Timelines*

You will receive acknowledgement of a reported security issue within 5 business days and status updates will be provided until the resolution of a reported security issue within 30 business days**.

*Please be aware that if you are reporting a vulnerability concerning third-party games playable on PlayStation consoles, the report will be passed over to the third party concerned for a resolution.

**These timelines are subject to change from time to time and may be impacted by incident-specific considerations.