This information is published in accordance with Nintendo’s obligations under the Product Security and Telecommunications Infrastructure Act 2022 and the Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) Regulations 2023.
The information published relates solely to product security; it is not a guarantee or promise relating to the availability of any online service provided by Nintendo.
The minimum length of time for which security updates will be provided for each of the following products is set out in the table below.
Product Name | Defined support period* |
---|---|
Nintendo Switch: HAC-001(-01) Nintendo Switch – OLED Model: HEG-001 Nintendo Switch Lite: HDH-001 | Until (at least) 12 November 2026** |
Software for Nintendo Switch Consoles that is developed by Nintendo and made available for sale in the United Kingdom | Until (at least) 12 November 2026** |
Nintendo Switch Dock with LAN Port: HEG-007 | Until (at least) 12 November 2026** |
Nintendo Sound Clock: Alarmo: CLO-001 | Until (at least) 12 November 2026** |
* The defined support period is the minimum length of time for which software updates will be provided by Nintendo as and when necessary to protect or enhance the security of the products listed above. Nintendo may extend the defined support period from time to time to ensure the continued compatibility and the security of the products and their compliance with any applicable laws, and updates will be published on this webpage. Please note that the information published here relates solely to security updates; it is not a guarantee or promise relating to the availability of any online services provided by Nintendo.
** These dates given here, set based on European law requirements, indicate a date two years after the date of the latest update of this webpage, and may be extended from time to time.
Date of last webpage update: 12 November 2024
Nintendo is making its UK vulnerability disclosure policy publicly available. This policy sets out the processes by which security researchers and others may report issues to Nintendo about possible vulnerabilities in its hardware and software, and the third party software used on its hardware.
This policy may be updated from time to time to ensure Nintendo maintains transparency and clarity in dealing with security researchers and others making reports.
This policy includes:
(i) a clear explanation of the points of contact for the reporting of issues; and
(ii) information on expected timelines for the initial acknowledgement of receipt and status updates until the resolution of the reported issues.
All genuine security issues or vulnerabilities with the products listed below should be reported to PSTI-Report@nintendo.co.uk:
Encrypt your submission using our PGP key (Key Fingerprint: 2E4186E3B52E94E6880CF200EC38CC0CC78AE16E / Key ID: EC38 CC0C C78A E16E), and attach your own public PGP key to the email.
Include the following information in your report:
Nintendo has enlisted the help of the HackerOne community to coordinate global vulnerability reports, pay out bug bounties and make its products more secure. If you wish to submit a report about products in scope* through HackerOne, please:
(1) email us the report ID number of HackerOne via PSTI-Report@nintendo.co.uk to receive acknowledgement of receipt and regular updates, otherwise we will not be able to track your report; and
(2) do not submit your report via email as this creates unnecessary duplication and you will not be rewarded for reports submitted outside the HackerOne programme.
* To find out which products are included in the bug bounty program, please visit https://hackerone.com/nintendo/policy_scopes
When you submit a genuine report on an issue affecting security to Nintendo via the email address set out above as the point of contact, Nintendo will provide you with certain updates:
(i) You will receive an initial acknowledgement of receipt of your report within 7 working days from the date on which the report is submitted; and
(ii) You will also receive status update(s) on your security report at least every four weeks until the resolution of the issue that you reported.
In relation to the status updates, Nintendo will always act on any reported vulnerabilities in a timely manner. However, the timeframes for investigating and reporting on any vulnerability are always incident-specific.
Please note that if you are reporting on a vulnerability relating to third-party games that are playable on Nintendo consoles, the timeframe for completing the processes is dependent on the third party and therefore outside of Nintendo’s control.
Date of last webpage update: 10 October 2024