Learn how Bugcrowd enables HP to deliver the most secure printers

Download Case Study

Opportunity

Printers, arguably the most common IoT devices on the market, touch and store some of the most sensitive data and yet these devices are often left out of the organization’s security policy. This is why security is a core pillar of HP’s product strategy.

HP turned to Bugcrowd, engaging in a managed private bug bounty program to incentive an elite, trusted Crowd of security researchers to find critical vulnerabilities in its products. Given the difficulty of finding these obscure vulnerabilities, the bug bounty program is key.

Challenge:

  • IoT security has gained a lot of visibility over the last couple of years.
  • Unknown to most, printers store some of the most sensitive data.
  • With best-in-class defensive strategies in place, HP wanted to take their security strategy one step further.  

Solution with Bugcrowd:

  • HP launched a managed private bug bounty program with Bugcrowd, incentivizing an elite, trusted Crowd of security researchers to find critical issues in its products.
  • A private bug bounty program offers HP the opportunity to utilize the power of the Crowd — volume of testers, diversity of skill and perspective and competitive environment — in a more controlled and stringent environment.

Program Results

  • HP very quickly realized the value of the bug bounty program, seeing more quality findings come in through Bugcrowd versus the other firms and tools.
  • With the ongoing private bug bounty program, HP has been able to tailor its testing pool based on specific skill sets, has more direct communication with a smaller group of trusted and skilled testers, while still taking advantage of the crowdsourced model.
We looked at the bug bounty program as a key mechanism for taking our security posture to the next level. By leveraging a community of security researchers to find some of those obscure issues no one else has found. This is the message that convinced our executives to support the program.
Shivaun Albright Chief Technologist, Print Security, HP

Program Facts

Industry
Computer Electronics
Use Case
Better IoT Security
Program Type
Private Bug bounty

Empower Your Security Team With a Crowd of White Hat Hackers to Find and Fix Vulnerabilities in Your Code Before the Bad Guys Do.