HP Launches First ‘Bug-Bounty’ Vulnerability Reporting for Printers and Copiers

HP Inc. today announced the industry’s first “bug bounty program” for printers and copier/MFPs, a move it says underscores its commitment to providing the world’s most secure printers. Under the program, researchers who spot vulnerabilities in its HP printers and copier/MFPs may receive rewards of up to $10,000.

HP selected Bugcrowd, a provider of crowd-sourced offensive security, to manage vulnerability reporting, which it says will further enhance its business-printer/copier portfolio.

The firm says that with its extensive history of device-security innovation and new industry security standards, this print-focused bug-bounty program is yet another way it’s leading the way when it comes to providing the highest-level security for its customers and partners.

According to HP, it’s the first company to invest in a dedicated bug-bounty program for printing devices, offering customers protection from attacks that target both businesses and employees. According to Bugcrowd’s recent report, the top emerging attackers are focused on endpoint devices such as printers, and the total print vulnerabilities across the industry have increased 21 percent during the past year.

Justine Bone, CEO, MedSec and Security Advisory Board member for HP, commented: “CISOs are rarely involved in printing-purchase decisions yet play a critical role in the overall health and security of their organization. For decades, HP has made cybersecurity a priority rather than an afterthought by engineering business printers with powerful layers of protection. And in doing so, HP is helping to support the valuable role CISOs play in organizations of every size.”

The Bug Bounty program includes:

  • Vulnerabilities found by researchers in the private program are required to be reported to Bugcrowd.
  • Reporting a vulnerability previously discovered by HP will be assessed, and a reward may be offered to researchers as a good faith payment.
  • Bugcrowd will verify bugs and reward researchers based on the severity of the flaw with awards up to $10,000.

More information on HP’s business printer portfolio and security features can be found here.

More Resources

%d bloggers like this: