HP is the First Computer Company To Offer A Bug Bounty on Printers

Computer company HP has recently launched a new program aimed at drastically reducing bugs in new printers.  With all new technology, bugs are common but this effort could help to introduce a new standard in home/office.  And now that we are entering an age where most devices are connected to the internet in some way, it is increasingly more important to identify any weakness or flaw that might jeopardize security and functionality.

The new HP program offers a reward of up to $10,000 for anyone who discovers bugs in their new printers.  More specifically, the company has partnered with Bugcrowd to offer $500 to $10,000 for each bug discovery (depending, of course, on the type of bug).  It is the first such bug bounty program specifically for printers.

“HP has offered a way for researchers to disclose bugs to our team for a long time now,” Shivaun Albright, HP’s chief technologist of print security said. “This is our first bug bounty program, and the world’s first Print specific bounty, to be managed by an external party.”

Obviously, HP is looking to gain a public reputation as having the most secure printers in the world.  With this venture, then, HP is specifically looking for more obscure defects that could easily be used against customers.  HP will focus on the potentially dangerous actions of malware at the firmware level (including RCE, XSS, and CSRF).

Albright continues, “Adversaries have dramatically evolved, and attack sophistication is on the rise. We’re advising customers to consider cybersecurity challenge as a matter of if rather than when a bad actor will be successful.”

Alas, printer vulnerability is actually increasing. As a matter of fact, a Bugcrowd report suggests that the top emerging cyber-attackers are more often focusing on endpoint devices, these days.  For example, print vulnerabilities within the industry have, over the last year alone, increased 21 percent.

Albright concludes: “As we navigate an increasingly complex world of cyber threats, it’s paramount that industry leaders leverage every resource possible to deliver trusted, resilient security from the firmware up. HP is committed to engineering the most secure printers in the world.”

Leave a Reply

Your email address will not be published. Required fields are marked *