HP has announced a new bug bounty program to improve the security of its printers. The company says it is willing to pay as much as $10,000 (roughly Rs. 6,85,300) to any researcher who discovers a serious software flaw in its printer line-up. HP says the program is private for now and based on an invite-only model, but it plans to make it public in the future. For now, invited researchers are given access to a set of 15 different HP printers to probe for vulnerabilities.
CNET reports that HP started this bug bounty program in May this year, and has already awarded a $10,000 prize to one researcher who pointed out a critical vulnerability. The program has 34 researchers on board at present.
Shivaun Albright, the company’s chief technologist for printer security, told CNET that HP is focused on printer security because of how vulnerable Internet of Things devices are. While there’s a heavy focus on connected devices and their security flaws, that focus is often on web cameras, smart televisions or light bulbs, but not printers.
HP’s new bug bounty program will be run through BugCrowd, and operates on an invite-only basis to better manage incoming vulnerability reports. The company has given these select researchers access to 15 HP printers located in its offices. The researchers can then dig into the printers’ software and look for vulnerabilities from their own computers at home.
Google also runs such a program, in which it rewards researchers for finding critical bugs and reporting them to Google before they are misused. Many researchers even do this as a full-time job, earning a good chunk of rewards by probing Google’s software services and reporting vulnerabilities. As part of Google’s Vulnerability Reward Program (VRP), the tech giant paid out almost $3 million (roughly Rs. 19 crores) to security researchers in 2017 as rewards for the vulnerabilities they found in its products and services.