While printing may not seem like a major security risk, there have been occasional past vulnerabilities & malware exploits.  As the “Internet of Things” further develops printers are adding more “smart” device capabilities to phone home to vendor or corporate ADMIN team when needs surface.  HP is offering up to $10,000 to researchers who can find vulnerabilities & disclose them privately — to further improve printer security controls.


HP  isn’t asking people to smash its printers to pieces, but the company is willing to pay people to break its software apart. On Tuesday, HP announced its first bug bounty program that specifically targets its printers, offering as much as $10,000 to hackers who can find vulnerabilities on its machines.

Bug bounties are a common way for companies to find security flaws, with payouts as high as $100,000 for serious vulnerabilities. Hackers have been able to make a full-time job breaking software and reporting bugs before the vulnerabilities are used maliciously. Companies such as  Google  and Facebook have turned to bug bounties as a way to bolster their security.

HP quietly started its program in May with 34 researchers signing up. It has already paid $10,000 to a hacker who found a serious flaw with its printers, Shivaun Albright, the company’s chief technologist for printer security, said in an interview last week.  The company is focused on printer security because of the vulnerabilities of internet of things devices, she said. While there’s a heavy focus on connected devices and their security flaws, it’s often on web cameras, smart televisions or lightbulbs, not printers, Albright said.