Barracuda Networks adapts Bug Bounty Program to Cloud Product Services
New Cloud Services, High Severity Issues & Invitation Only
In the last 6 years the public bug bounty program of barracuda networks helped to improve the security of their active product series. At the beginning the program was running independently but about 1 and a half year ago the service went into the open crowd. Dave Farrow one of the leading managers in the company of barracuda networks announced today, that the official bug bounty program will move to improve the new cloud services series.
In the followup lines of his blog post he says "We are applying that same philosophy to our Security Bug Bounty Program. Couple of key things to note on the upcoming changes".
1. The next phase of the program expands beyond the scope of the current program to include Barracuda’s cloud services. We will continue to leverage the crowd’s expertise to manage the program. The new program is by invitation only, and we will release additional details on the new program in early december to those who are invited.
2. The existing program, which is focused on our physical security appliances, will continue but limit bounty awards to specific classes of high impact vulnerabilities. Other submissions which are not excluded specifically by the terms of the program will continue to receive kudos points that contribute to the crowd’s monthly leaderboard bonus program. We encourage you to continue to submit any bugs you find – and we will publicly recognize all appropriate submissions.
Farrow says within his last lines of the post published today "Many thanks for your continued contributions and for making the program the success it is today. We look forward to moving into this next phase and continuing to improve on the products and services for our customers."
The vulnerability laboratory was deep into the barracuda networks bug bounty program from 2012 until today. Our team uncovered and resolved a series of security vunerabilities with different typ of impact and severity for security researchers. We hope to followup as well with the new cloud services and try to keep our magazine readers up2date.