Why it matters: Having one of its printers facilitate an attack on a company wouldn't be a good look for HP. By investing in preventative measures like a bug bounty program, HP could potentially save face - and money - in the long run.
HP has partnered with bug bounty platform Bugcrowd to launch the industry’s first bug bounty program for printing devices.
Security vulnerabilities are traditionally associated with PCs and networking devices but lately, hackers have been turning their attention to connected devices such as security cameras, smart home devices and printers. Such is true in both consumer and enterprise settings, the latter of which appears to be HP’s primary concern.
Justine Bone, CEO of MedSec and security advisory board member for HP, said CISOs are rarely involved in printing purchase decisions yet play a critical role in the overall health and security of their organization.
Bugs submitted and verified by Bugcrowd will be eligible for awards of up to $10,000 based on the severity of the flaw. Bugs that have previously been discovered by HP will be assessed and in some cases, a reward may be offered as a good faith payment.
Shivaun Albright, HP's chief technologist of printing security solutions, told CNET in a recent interview that the program quietly kicked off in May with 34 researchers. The company has already paid out one award of $10,000, Albright confirmed.