Hack our products and we'll pay you: Barracuda Networks

Offers $3K-plus for anyone who finds "qualifying bugs"

Barracuda Networks Tuesday announced it will pay more than $3,100 to anyone who can hack into its security products, saying the bug bounty program is the first ever from a pure-play security vendor.

"This initiative reflects our commitment to our customers and the security community at large," says Paul Judge, chief research officer at Barracuda. The security firm lists its Spam & Virus Firewall, Web Filter, Web Application Firewall and NG Firewall as products in its bug bounty program.

Patch or we go public, says bug bounty program   

Google last week launched a bug-bounty program to pay for vulnerabilities, and many other vendors are willing to pay security researchers for information about vulnerabilities they'd like to be able to fix as soon as possible before these flaws are exploited as zero-day attacks 

The Barracuda Networks bug-bounty program will pay as high as $3,133.70 -- an allusion to the slang "leet" number-related spelling of 31337 for security "elite" --for "particularly severe bugs," according to the company. But the starting reward is $500.

The following bugs and attack types are said to be excluded: use of automated testing tools; social engineering; denial-of-service attacks; physical attacks; attacks against Barracuda's customers; attacks against Barracuda's corporate infrastructure or demo servers.

Acceptable bug types  include "those that compromise confidentiality, integrity or authentication," with examples given of "remote exploits, privilege escalation, cross-site scripting, code execution and command injection." The company asks that vulnerabilities be reported via e-mail to BugBounty@barracuda.com using the PGP key at http://www.barracudalabs.com/bugbountypgp.txt.

To qualify for the bug bounty, the bug must be disclosed only to the company, Barracuda specifies, and once the "issue is fixed, you will be able to publicly disclose the issue."

Learn more about this topic

Google offers bounty to Web bug hunters

Antivirus didn't help in zero-day malware attack on power plant

HP's bug-bounty program changes disclosure terms

Must read: 11 hidden tips and tweaks for Windows 10
View Comments
Join the discussion
Be the first to comment on this article. Our Commenting Policies