HP Launches Print Security Bug Bounty Program

HP has rolled out what’s believed to be the industry’s first print security bug bounty program. The Palo Alto-based company will be working in collaboration with Bugcrowd, a San Francisco-based company with a crowdsourced security platform, which will manage vulnerability reporting. According to Bugcrowd’s recent report, the top emerging attackers are focused on endpoint devices, and the total print vulnerabilities across the industry have increased 21% during the past year.

“CISOs are rarely involved in printing purchase decisions yet play a critical role in the overall health and security of their organization,” said Justine Bone, CEO, MedSec and Security Advisory Board member for HP. “For decades, HP has made cybersecurity a priority rather than an afterthought by engineering business printers with powerful layers of protection.”

According to the terms of the program, vulnerabilities discovered by researchers must be reported to Bugcrowd for further investigation. Verification of the vulnerabilities can result in a cash reward of up to $10,000 based on the severity of the flaw.

Channel Impact^®
As the cyber threat landscape becomes increasingly complex with an increasing number of potential attack surfaces, prominent vendors need to make a concerted effort to uncover every possible vulnerability. Programs such as this one demonstrate the value that can be delivered by third-party efforts to uncover bugs that can compromise the security of business customers and consumers, alike.