Nintendo Launches Bug Bounty Program With HackerOne

Over the past few years, a handful of companies have turned to the public to help make their technologies and gadgets much more secure. Facebook, Yahoo!, Reddit, and even Google have enlisted the public’s help to identify and stop bugs. Primarily, the goal is to locate and remove potential exploits and vulnerabilities from the company’s software and websites. The concept was originally created by Jarrett Ridlinghafer, who was working with Netscape Communications Corporation at the time. Thanks to efficiency and effectiveness of┬áthese programs, many of the biggest names in technology have adopted such practices.

Nintendo joined that list on December the 5th of 2016. According to the company’s HackerOne page, the goal of the program is to ensure Nintendo’s customers are able to enjoy their games in a secure environment. The company is only interested in vulnerabilities related specifically to their Nintendo 3DS handheld consoles. They will not accept information pertaining to other platforms. According to a recent release from Fortune, the company is offering a reward ranging from $100 to $20,000 to gamers, who submit tips to the company.

The company has a few specific objectives in mind. They include the following.

  • Preventing piracy, such as game dumping and copied game execution
  • Stopping cheats, including saved game modification and game application manipulation

Nintendo also hopes they’ll be able to aid parents that wish to keep inappropriate content from reaching their children. The long-time video game developer intends to use the information generated from the HackerOne platform to eliminate system vulnerabilities. Nintendo will offer a reward for each piece of vulnerability information, which qualifies. It is entirely up to Nintendo to determine whether or not a piece of information is eligible and how much of a reward to disperse to the informant.

However, the company admits the reward amount will depend on the importance of the information submitted, as well as the quality of the report. Easy exploits are deemed more important and submitting a proof of concept is also likely to net the informant a bigger reward. Nintendo will make sure the reward is paid after the vulnerability has been confirmed and fixed. There is a maximum wait time of 4 months from the period that Nintendo confirms the reported vulnerability.

Finally, Nintendo will not disclose any reward payouts to the public. Those that are interested in learning more about Nintendo’s bug bounty should visit their HackerOne page here. On this page, users will be able to find a report template, so they can ensure their information is submitted accurately.