HP Inc. today announced the world’s first Bug Bounty Program for the Print industry. The program underscores HP’s commitment to delivering the World’s Most Secure Printers, providing trusted and resilient security technology from the hardware up.
This new program complements HP’s long established internal secure development processes, designed to ensure that products are developed with security in mind, throughout the development lifecycle.
In today’s evolving threat landscape where sophisticated malware targets businesses and individuals, protecting connected devices, like printers, at the edge of the network continues to be paramount.
HP selected BugCrowd to coordinate this private program for a selection of offensive security researchers to help identify vulnerabilities, helping raise the bar in security testing for printer security with an incentive-based model.
BugCrowd was selected for its trusted research contacts and versatile platform. The program will run indefinitely and is privately managed to ensure all vulnerabilities are disclosed.
According to a recent BugCrowd report, the emerging top attack vectors have been endpoint focused. Over the past year, there has been an increase of 21% in total vulnerabilities reported and an increase of 36% in total bug bounty payouts.
Security leaders are realizing better awareness and information about disclosed vulnerabilities is critical to their operational success.
Program highlights include:
- HP is committed to improving our overall printer device security and protection mechanisms. The bounty program is indefinite and highlights HP’s effort to reduce potential exposure points and vulnerabilities in Printers.
- The program has been designed with BugCrowd for fair and equitable pay-outs based on vulnerability, regardless of geographic location.
- BugCrowd will verify bugs and reward researchers based on the severity of the flaw bounty pay-outs will range from $500 to $10,000.
- If a researcher reports a qualifying vulnerability already found internally by HP, HP will assess and reward the disclosed vulnerability in good faith.
- Vulnerabilities found by researchers in the private program are required to be reported to BugCrowd.
The most up-to-date information on the HP Bug Bounty can be found on BugCrowd website.