While Super Mario battles Koopas, Piranha Plants and even Bowser himself, his maker Nintendo is waging war against another enemy altogether – bugs. In conjunction with vulnerability disclosure service HackerOne, the Japanese gaming company has launched a bug bounty program for its 3DS family of handheld, portable game systems.
According to a blog post and policy statement released Monday, Nintendo will pay security researchers anywhere from $100 to $20,000 for disclosing vulnerabilities, depending on the importance of the information delivered and the quality of the report. The company, known for its Mario and Pokemon game titles, noted that it would consider a disclosure “high quality” if it includes a proof of concept or, better yet, functional exploit code.
Nintendo further announced that it is specifically interested in vulnerabilities and exploits that enable piracy (including game application dumping and copied game application execution), cheating (including game application modification and save data modification) and the dissemination of inappropriate content to children. Bounties apply to system and hardware vulnerabilities, as well as bugs found in Nintendo-published 3DS applications.
UPDATE April 14, 2017: In March, Nintendo increased the scope of its bug bounty program to include its new Switch console.