HP targets print security with bug bounty program
Total print vulnerabilities across the industry have increased by more than a fifth during the past year.
HP Inc. has announced bug bounty program aimed at print security, with awards of up to $10,000 to for vulnerability identification.
HP selected Bugcrowd, a crowdsourced offensive security company, to manage vulnerability reporting, further enhancing HP’s business printer portfolio.
“As we navigate an increasingly complex world of cyber threats, it’s paramount that industry leaders leverage every resource possible to deliver trusted, resilient security from the firmware up,” said Shivaun Albright, HP's chief technologist of print security. “HP is committed to engineering the most secure printers in the world.”
HP is the first company to invest in a dedicated bug bounty program for printing devices, offering customers protection from attacks that are targeting both businesses and employees. According to Bugcrowd’s recent report, the top emerging attackers are focused on endpoint devices, and the total print vulnerabilities across the industry have increased 21% during the past year.
“CISOs are rarely involved in printing purchase decisions yet play a critical role in the overall health and security of their organisation,” observed Justine Bone, CEO, MedSec and security advisory board member for HP.
The Bug Bounty program includes, vulnerabilities found by researchers in the private program are required to be reported to Bugcrowd; reporting a vulnerability previously discovered by HP will be assessed, and a reward may be offered to researchers as a good faith payment; and, Bugcrowd will verify bugs and reward researchers based on the severity of the flaw and awards up to $10,000.