Nintendo Switch News: Up To $20K 'Bounty' for Every Console Vulnerability Discovered
Nintendo encourages independent researchers to help them spot security vulnerabilities in the Nintendo Switch by offering a "bounty" for every issue reported.
Nintendo has been using the HackerOne platform to reach out to security researchers and analysts to enlist their help in discovering vulnerabilities. Their bounty/rewards program through HackerOne started in December 2016 for the Nintendo 3DS.
Now, more than a month after the Nintendo Switch's release, the company has expanded their HackerOne-based reward program to spot security exploits on their newest console.
On Nintendo's official HackerOne page, the company determined three main categories of activities it wants to prevent through the said platform. Theseare game application piracy, cheating through modification of game codes, and the spread of "inappropriate content to children."
However, not every reported issue may be eligible for a reward, which ranges from $100 to $20,000. Nintendo explained (through the same HackerOne page) that they reserve the right to determine the gravity of any identified vulnerability, if it is worthy to receive monetary reward and "how the reward amount is calculated."
"The reward amount depends on the importance of the information and the quality of the report. In general, the importance of the information is higher if the vulnerability is severe, easy-to-exploit, etc," Nintendo further explained.
A security researcher's report gets the chance to be evaluated as "high quality" if they can also present a "proof of concept" and "functional exploit code." However, even without those, Nintendo still encourages everyone to submit reports provided that the said paperwork will follow within three weeks.
As of writing, the Nintendo HackerOne page says the company has rewarded three researchers with bounty in the last few days.
This bounty scheme has been used by several other big companies to enlist hackers' help in learning about vulnerabilities and exploits. For example, it was revealed last month that an Indian security analyst named Anand Prakash had discovered a potential code exploit that could have given everyone free Uber rides forever. The said issue has been resolved and Prakash was reportedly rewarded $5,000.