Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Management & Strategy

HP Launches Bug Bounty Program for Printers

HP announced on Tuesday the launch of a bug bounty program for printers. The company is prepared to pay out up to $10,000 for serious vulnerabilities found in its products.

HP announced on Tuesday the launch of a bug bounty program for printers. The company is prepared to pay out up to $10,000 for serious vulnerabilities found in its products.

The initiative, which HP calls the industry’s first printer bug bounty program, was launched in partnership with crowdsourced security platform Bugcrowd.HP launches printer bug bounty program

The program is private, which means not anyone can participate. Researchers invited by HP have been instructed to focus on firmware-level vulnerabilities, including remote code execution, cross-site request forgery (CSRF) and cross-site scripting (XSS) bugs.

The rewards range between $500 and $10,000 per flaw, but HP is not disclosing the specific payouts for each type of issue. Researchers can also earn a reward if they report a vulnerability previously discovered by HP itself – the company describes this as a “good faith payment.”

The bug bounty program currently covers HP LaserJet Enterprise printers and MFPs (A3 and A4), as well as the HP PageWide Enterprise printers and MFPs (A3 and A4).

HP told SecurityWeek that currently it’s engaged with 34 researchers. The company says the program covers only endpoint devices – printer-related web domains are out of scope – with a focus on print firmware.

The company plans on expanding the program to its PC line soon, but it currently focuses on printers due to concerns that the technological advancements in this area make these types of devices an attractive target for malicious actors. HP noted that printers can not only provide access to the network that houses them, but they can also expose confidential documents.

“As we navigate an increasingly complex world of cyber threats, it’s paramount that industry leaders leverage every resource possible to deliver trusted, resilient security from the firmware up,” said Shivaun Albright, HP’s Chief Technologist of Print Security. “HP is committed to engineering the most secure printers in the world.”

Related: Code Execution Flaw Found in HP Enterprise Printers

Advertisement. Scroll to continue reading.

Related: Printer Vulnerabilities Expose Organizations to Attacks

Related: HP Enhances Network Printer Security

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn about active threats targeting common cloud deployments and what security teams can do to mitigate them.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...