As the IoT is set to further explode into mainstream life, security professionals get ready for the impossible challenge of defending connected devices from threats. The largest issue comes for the sheer number of devices that will now be connected to a network; no longer will it just be desktops, phones and the occasional laptop. A corporate network will now have all these devices plus printers, HVAC systems, refrigerators, even cars! Securing these devices will be the largest issue that manufacturers will have to solve.
Making proactive steps in this field is Hewlett-Packard (HP), who hope to entice security professionals with a $10,000 bug bounty. Partnering with Bugcrowd, HP says that researchers can earn from $500-$10,000 for a legitimate find.
In a comment to ZD Net, HP wrote;
“We’re challenging researchers to search for obscure defects that could be used against our customers.
We’re providing researchers with remote access to a set of Enterprise Multifunction printers and invited researchers to focus on the potential for malicious actions at the firmware level including CSRF, RCE, and XSS.”
The partnership between the two firms spans from a research report written by Bugcrowd – 2018 State of Bug Bounty Report. In this report, Bugcrowd reported that endpoint devices are ‘becoming tantalizing targets for threat actors with a 21% increase in endpoint bugs over the past 12 months.
Currently HP is only running this bounty program for its printers, yet it’s looking to expand it onto its computer lineup soon.
Bugcrowd is a valued partner that offers a platform to crowdsource security. As attack areas increase there becomes a greater imbalance between attackers and defenders. Bugcrowd aims to level this playing field. Not only does it provide your security environment an increased number of vigilant eyes, it also lowers security costs and operational benefits.
Furthermore, under our professional services portfolio at Secure Sense we offer Penetration Testing (Pen Testing). Pen Testing allows our team of professionals to safely exploit vulnerabilities within your organization, while offering advice and services that could defend your organization. It is seen as a proactive effort to protect your network from cyber risks.
To see how a Bugcrowd partnership can benefit your organization, or to learn more about Pen Testing and how it can save your firm a giant headache, reach out and contact us.
Secure Sense is the security provider that cares. We are a team of experts with a passion for IT and protecting your organization is what motivates us daily. If you have questions or want to learn more about how we can improve your organization’s security, our services or just want to chat security please give us a shout. If you’re looking to guest blog, please send an email here.