
How a managed solution took Barracuda's bug bounty program to the next level

For the Barracuda security team, working more closely with the security research community was a great way to improve their overall security posture while exhibiting thought leadership.

Products
  • Vulnerability Disclosure Program
  • Bug Bounty Program
Industry
  • Security

  • Value-Add

    For the Barracuda security team, working more closely with the security research community was a great way to improve their overall security posture while exhibiting thought leadership.

  • Outcomes

    The managed bug bounty program has freed up Barracuda’s security team to spend more time working closely with their product teams, to educate and to help remediate bugs faster and more seamlessly.

In 2010, Barracuda was one of the first organizations to launch their own bug bounty model. At the time, bug bounties were just gaining traction, and Barracuda has been integral in forging the path ahead for the crowdsourced security model.

The Value of A Managed Bug Bounty Program

As activity and interest from the security researcher community picked up at the height of their program, Barracuda recognized the need for a ‘gatekeeper’ to triage incoming reports and correspond with researchers.

The managed program has freed up Barracuda’s security team to spend more time working closely with their product teams–to educate and to help remediate bugs faster and more seamlessly. Bugcrowd’s hands-on expert management coupled with a powerful vulnerability disclosure platform, Crowdcontrol, eased all the challenges they faced running their own program…

We want to apply our resources in the places that make the most impact to our organization. That’s not on the front line, talking to researchers. The way that Bugcrowd has developed their platform and still allowed us access to researchers has created a clean, low friction interface between our teams and freed us to focus on issues that will make an impact on our security posture.

Dave Farrow, Senior Director, Information Security

Working with Crowdcontrol to Integrate with Existing Workflows

Bugcrowd’s vulnerability disclosure and tracking platform, Crowdcontrol, offered Barracuda a seamless solution for receiving submissions, integrating with existing workflows and paying researchers.

As a large organization with dozens of product lines and multiple vulnerability collection streams, both internal and external, it was essential for Barracuda to integrate their bug bounty program into their security program as a whole.

Crowdcontrol’s integration with the issue tracking system Jira ensures that bugs validated by Bugcrowd’s team make it into the right hands in real time.

Bug Bounty Learnings

In its history, the Barracuda bug bounty program has seen immense success and received consistent engagement.

This consistent engagement is due in large part to their positive relationship with the researcher community, strengthened by the Bugcrowd team. They have also expanded the scope of their program, which now includes Barracuda cloud services. Their continued commitment to the research community is a great example to other companies, especially security companies.
