Press Release

HP Launches Industry’s First Print Security Bug Bounty Program



  •  
  •  
  •  
  •  

Highlights:

  • Partners with Bugcrowd to launch a first of its kind private bug bounty program for printers
  • Builds on HP’s cybersecurity commitment to deliver the world’s most secure printers
  • Awards up to $10,000 to support vulnerability identification

PALO ALTO, Calif., July 31, 2018 — HP Inc. today announced the industry’s first print security bug bounty program, underscoring its commitment to deliver the world’s most secure printers[i]. HP selected Bugcrowd, a global leader in crowdsourced offensive security, to manage vulnerability reporting, further enhancing HP’s business printer portfolio. With HP’s extensive history of device security innovation and driving new industry security standards, this print-focused bug bounty program is yet another way HP is leading the way when it comes to providing the highest-level security for its customers and partners.

“As we navigate an increasingly complex world of cyber threats, it’s paramount that industry leaders leverage every resource possible to deliver trusted, resilient security from the firmware up,” said Shivaun Albright, HP's Chief Technologist of Print Security. “HP is committed to engineering the most secure printers in the world.”

HP is the first company to invest in a dedicated bug bounty program for printing devices, offering customers protection from attacks that are targeting both businesses and employees. According to Bugcrowd’s recent report, the top emerging attackers are focused on endpoint devices, and the total print vulnerabilities across the industry have increased 21% during the past year.

“CISOs are rarely involved in printing purchase decisions yet play a critical role in the overall health and security of their organization,” said Justine Bone, CEO, MedSec and Security Advisory Board member for HP. “For decades, HP has made cybersecurity a priority rather than an afterthought by engineering business printers with powerful layers of protection. And in doing so, HP is helping to support the valuable role CISOs play in organizations of every size.”

The Bug Bounty program includes:

  • Vulnerabilities found by researchers in the private program are required to be reported to Bugcrowd.
  • Reporting a vulnerability previously discovered by HP will be assessed, and a reward may be offered to researchers as a good faith payment.
  • Bugcrowd will verify bugs and reward researchers based on the severity of the flaw and awards up to $10,000.

More on HP’s business print portfolio and security features can be found here: http://hp.com/go/printersthatprotect

Based on HP review of 2018 published security features of competitive in-class printers. Only HP offers a combination of security features that can monitor to detect and automatically stop an attack then self-validate software integrity in a reboot. For a list of printers, visit hp.com/go/PrintersThatProtect. For more information: hp.com/go/printersecurityclaims.

Learn the ins and outs of Crowdsourced Security, Managed Bug Bounty and Vulnerability Disclosure ProgramsDownload the Guide
+