Vulnerability researchers, here comes an opportunity you must not miss! HP Inc. has rolled out a bug bounty program that rewards researchers with a whopping sum between $500 and $10,000 for finding security flaws in a range of HP printers. Bugs found in the vendor's Enterprise LaserJet machines and multi-function printers (MFPs), such as the A3 and A4, will also be acknowledged. The amount of the reward is based on the severity of the discovered vulnerabilities!
Printers are the weakest link in an organization, and vulnerabilities in them can be exploited in various malicious campaigns to infect the entire chain in the network. With this in mind, HP launched its bug bounty program and announced its team-up with Bugcrowd on July 31st, 2018.
Bugcrowd is a bug bounty platform that manages vulnerability disclosure programs and uses a crowdsourced model to find vulnerabilities.
In this private program, researchers will be sent an invitation to join. Discovered vulnerabilities must be reported to Bugcrowd, which will verify the flaws and decide the reward amount based on their severity.
A high number of printer vendors are embracing bug bounty programs for the following reasons:
Bug bounty programs aren't new, but this is the first of its kind for a printer company. Businesses often ignore the security concerns of printers, which makes them inviting targets for cyber attacks. Reasons behind HP leveraging Bugcrowd include:
CVE-2017-2750 vulnerability summary:
The vulnerability is related to arbitrary code execution caused by insufficient validation of DLL (Dynamic Link Library) file signatures.
The company plans to set up enterprise-class printers that will be accessed by researchers remotely. The researchers will scrutinize printers to identify new as well as existing vulnerabilities.
Vulnerabilities unearthed via physical access are also allowed. There are known incidents where HP has cooperated with researchers by shipping them its devices when requested for the research program.
The company is, however, primarily focusing on remote attacks.