Want to earn $10,000 for hacking?
August 1, 2018
HP has launched the industry’s first print security bug bounty programme for its printers, paying hackers up to $10,000 (€8,566) for every verified bug found.
The OEM announced the industry’s first print security bug bounty programme, underscoring its commitment to “deliver the world’s most secure printers.”
HP Inc. selected Bugcrowd, a global company in crowdsourced offensive security, to manage vulnerability reporting, further enhancing HP’s business printer portfolio. HP explained that with its history of device security innovation and driving new industry security standards, this print-focused bug bounty programme is yet another way HP is leading the way when it comes to providing the highest-level security for its customers and partners.
“As we navigate an increasingly complex world of cyber threats, it’s paramount that industry leaders leverage every resource possible to deliver trusted, resilient security from the firmware up,” said Shivaun Albright, HP’s Chief Technologist of Print Security. “HP is committed to engineering the most secure printers in the world.”
HP claims it “is the first company to invest in a dedicated bug bounty programme for printing devices, offering customers protection from attacks that are targeting both businesses and employees.”
According to Bugcrowd’s recent report, the top emerging attackers are focused on endpoint devices, and the total print vulnerabilities across the industry have increased 21 percent during the past year.
“CISOs are rarely involved in printing purchase decisions yet play a critical role in the overall health and security of their organisation,” said Justine Bone, CEO, MedSec and Security Advisory Board member for HP. “For decades, HP has made cybersecurity a priority rather than an afterthought by engineering business printers with powerful layers of protection. And in doing so, HP is helping to support the valuable role CISOs play in organizsations of every size.”
The Bug Bounty programme includes:
- Vulnerabilities found by researchers in the private program are required to be reported to Bugcrowd.
- Reporting a vulnerability previously discovered by HP will be assessed, and a reward may be offered to researchers as a good faith payment.
- Bugcrowd will verify bugs and reward researchers based on the severity of the flaw and awards up to $10,000 (€8,566).
Categories : Products and Technology