Printers, arguably the most common IoT devices on the market, touch and store some of the most sensitive data, yet these devices are often left out of the organization’s security policy. This is why security is a core pillar of HP’s product strategy.
HP turned to Bugcrowd, engaging in a managed private bug bounty program to incentivize an elite, trusted Crowd of security researchers to find critical vulnerabilities in its products. Given the difficulty of finding these obscure vulnerabilities, the bug bounty program is key.
- IoT security has gained a lot of visibility over the last couple of years.
- Unknown to most, printers store some of the most sensitive data.
- With best-in-class defensive strategies in place, HP wanted to take their security strategy one step further.
Solution with Bugcrowd:
- HP launched a managed private bug bounty program with Bugcrowd, incentivizing an elite, trusted Crowd of security researchers to find critical issues in its products.
- A private bug bounty program offers HP the opportunity to utilize the power of the Crowd — volume of testers, diversity of skill and perspective and competitive environment — in a more controlled and stringent environment.
- HP very quickly realized the value of the bug bounty program, seeing more quality findings come in through Bugcrowd than through the other firms and tools.
- With the ongoing private bug bounty program, HP has been able to tailor its testing pool based on specific skill sets and communicate more directly with a smaller group of trusted and skilled testers, while still taking advantage of the crowdsourced model.