SBC Solutions Blog

HP Offers Up to $10,000 Rewards for Printer Bugs

HP said it has launched the first-ever bug bounty program for printers, with rewards of up to $10,000 for discovered vulnerabilities.

HP launched a bug bounty program for printers Tuesday, with a max payout of $10,000 a vulnerability.

The company, which has partnered with Bugcrowd to offer between $500 and $10,000 for bug discoveries, said that it marks the first-ever bug bounty program for printers.

“HP has offered a way for researchers to disclose bugs to our team for a long time now,” Shivaun Albright, HP’s chief technologist of print security, said. “This is our first bug bounty program, and the world’s first Print specific bounty, to be managed by an external party.”

The company told Threatpost it’s looking for obscure defects that could be used against its customers. HP said it will specifically focus on potential malicious actions at the firmware level, including CSRF, RCE, and XSS.

Bugcrowd and HP are assessing each disclosure and rewarding researchers based on the potential severity of the vulnerability (ranging from $500 to $10,000), HP said. Researchers will be invited to the program.

Eligible printers include HP’s enterprise-class line of HP PageWide, HP Color LaserJet and several MFP models (both A3 and A4 formats).

Source: ThreatPost