Posted originally on November 14 by Dave Farrow, Senior Director, Information Security at Barracuda Networks.

We launched Barracuda’s Security Bug Bounty Program six years ago this month. We’ve had such a tremendous response from the research community, and have learned so much through the process. We truly appreciate the many contributions from our Crowd.

We strongly believe that security vendors should be at the forefront of promoting community security research. Bug Bounty programs represent one of the most significant ways to promote this collaboration and reward researchers for their work – all while encouraging responsible disclosure. We’ve worked with hundreds of researchers who have made substantial contributions to our efforts to deliver high-quality security products to our customers. All of this is why I am excited to announce the next phase for our Security Bug Bounty Program.

Since launching our bug bounty program, we’ve seen a number of shifts within our own business and within our customer base. The threat environment is as sophisticated and hostile as ever. Network perimeters have all but disappeared as companies face challenges with branch offices, remote workers and always-on connectivity. Customers are increasingly asked to do more with less, and many of them are looking to leverage efficiencies and cost savings associated with the cloud. We’ve focused many of our internal resources on our own cloud services so that we can continue to make IT simple, secure and affordable for our customers.

We are applying that same philosophy to our Security Bug Bounty Program. A couple of key things to note on the upcoming changes:

  1. The next phase of the program expands beyond the scope of the current program to include Barracuda’s cloud services. We will continue to leverage Bugcrowd’s expertise to manage the program. The new program is by invitation only, and we will release additional details on the new program in early December to those who are invited.
  2. The existing program, which is focused on our physical security appliances, will continue but limit bounty awards to specific classes of high-impact vulnerabilities. Other submissions that are not specifically excluded by the terms of the program will continue to receive Kudos points that contribute to Bugcrowd’s monthly leaderboard bonus program. We encourage you to continue to submit any bugs you find – and we will publicly recognize all appropriate submissions.

Many thanks for your continued contributions and for making the program the success it is today. We look forward to moving into this next phase and continuing to improve on the products and services for our customers.


View more details about Barracuda’s Public Bug Bounty Program here.