The effort is an acknowledgment that security threats are increasingly spreading beyond PCs and networking devices to target everything connected to a network. HP has already paid $10,000 to a hacker who found a serious flaw with its printers, Shivaun Albright, the company’s chief technologist for printer security, said in an interview last week. „HP is committed to engineering the most secure printers in the world,” he also said. The researcher would have to find serious flaws like remote code execution, which would allow an attacker to take complete control of the printer.
HP’s bug bounty program will be run through Bugcrowd, a platform that facilitates payouts and invites. The program is currently private, with Bugcrowd handling which researchers are invited to join. The invited researchers have remote access to 15 printers, which are isolated in HP’s offices. From their computers at home, they can poke at and pry into these machines to find hidden vulnerabilities. “We’re fixing these issues very quickly and turning them around so they’re not found in the wild,” Albright said. HP said that it may reward researchers even if they report bugs about which the company was aware.