Barracuda Networks introduces vulnerability disclosure program

Barracuda Networks has announced a 'Bug Bounty programme' to reward researchers for identifying vulnerabilities in its products.

The programme pays a minimum of $500 (£310), to match the reward offered by Google for severe bugs. Barracuda claimed that this is the first such programme to be offered by a pure security company, and it follows the likes of Mozilla in offering rewards for vulnerability discovery.

Last week Google launched a new vulnerability reward program, based on its Chromium model, covering any Google web properties that handle 'highly sensitive authenticated user data or accounts', including google.com, youtube.com, blogger.com and orkut.com.

The types of vulnerabilities that qualify for rewards include cross-site scripting (XSS), cross-site request forgery (CSRF), cross-site script inclusion (XSSI) and bugs that allow access to other users' private data and server-side code execution.

Dr Paul Judge, chief research officer at Barracuda Networks, said: “Security product vendors should be at the forefront of promoting security research. This initiative reflects our commitment to our customers and the security community at large. The goal of this program is to reward researchers for their hard work, as well as to promote and encourage responsible disclosure.”

Researchers reporting security bugs will collect a cash prize of up to $3,133.70 (£1,940.49), depending on the severity of the vulnerability as judged by the Barracuda Labs Bug Bounty Panel. Bounties can be donated to charity as requested by the bug reporter.

The following security products are eligible: Barracuda Spam and Virus Firewall, Barracuda Web Filter, Barracuda Web Application Firewall and the Barracuda NG Firewall.
