HP to reward Researchers up to $10,000 for finding vulnerabilities




The Tech giant HP has revealed that they have started a big bounty program of $10,000 for security researchers for finding any kind of vulnerabilities in their printers.

The program is a private big bounty, which focuses basically on HP hardware. As printers are often found in a weak business network, which could be compromised on a wider network system, especially people ignore firmware updates or upgrades and become a prey of such avenues to exploit.

While speaking to ZDNet, an HP spokesperson said: "We're challenging researchers to search for obscure defects that could be used against our customers.

We're providing researchers with remote access to a set of Enterprise Multifunction printers and invited researchers to focus on the potential for malicious actions at the firmware level including CSRF, RCE, and XSS."

Under this program, security researchers can earn between $500 and $10,000 per their findings.

"For years, the conversation about cybersecurity has focused on software and networking," said Shivaun Albright, HP's Chief Technologist of Print Security. "Today, bad actors are targeting endpoint devices. Protecting connected devices, like printers, at the edge of the network has become paramount."

There is no time limit for this program, and sooner or later HP is planning to extend their bug bounty program to its PC's also.



from E Hacking News - Latest Hacker News and IT Security News https://ift.tt/2KtaO4M