Video game giant Nintendo has set up a bug bounty program through HackerOne’s platform, and is asking researchers to find and flag vulnerabilities in the Nintendo 3DS family of handheld game systems.
For the moment, the company is not interested in reports about vulnerabilities in other Nintendo platforms, their network service or their servers.
They are interested in system, software and hardware flaws that could allow game application dumping and copied game application execution, game application modification and save data modification, as well as dissemination of inappropriate content to children.
The company is ready to reward quality reports containing PoC or functional exploit code with up to $20,000. The final amount of the bounty will reflect the seriousness of the found vulnerability, i.e. how sever and easily exploitable it it.
But, Nintendo says that it will not disclose how the reward amount is calculated, nor will it disclose to the public the amount of any reward it distributes to successful researchers.
“The reward will be paid after the reported vulnerability has been fixed by Nintendo, but no later than four (4) months after Nintendo has confirmed the reported vulnerability,” the company noted.
For more details about the scope of the program and report requirements, go here.