Nintendo has today launched a campaign in which users can claim a reward of up to $20,000 by reporting security flaws in the company’s 3DS family of consoles.
Created in collaboration with vulnerability disclosure service HackerOne, Nintendo’s Bug Bounty Program is calling on hackers to share their research into potential security holes in their handheld systems in exchange for between $100 and $20,000.
In the official campaign post, which also displays a running total of the number of bugs reported, Nintendo has issued the following mission statement:
“Nintendo’s goal is to provide a secure environment for our customers so that they can enjoy our games and services. In order to achieve this goal, Nintendo is interested in receiving vulnerability information that researchers may discover regarding Nintendo’s platforms.”
The company goes on to state that the program is aimed at combating piracy, cheating, and the dissemination of inappropriate material to children.
Nintendo says that it is interested in receiving information on 3DS system and hardware vulnerabilities, and vulnerabilities regarding Nintendo-published applications for the console. Interestingly, it adds:
“Currently, in the context of the HackerOne program, Nintendo is only interested in vulnerability information regarding the Nintendo 3DS family of systems and is not seeking vulnerability information regarding other Nintendo platforms, network service, or server-related information.”
In order to qualify for a reward, users must effectively consent to a non-disclosure agreement regarding the vulnerability they are reporting. According to Nintendo, “the reward amount depends on the importance of the information and the quality of the report. In general, the importance of the information is higher if the vulnerability is severe, easy-to-exploit, etc.”