Barracuda Bug Bounty Program History
On November 9, 2010, Barracuda became the one of the first companies to run a bug bounty. The program initially received just a handful of reports every quarter.
In 2012, Barracuda’s bug bounty program reached the point where responding to researchers, distributing awards worldwide, and working with product teams to remediate reports became a full time position.
Today, Barracuda has a team of analysts working full time on the program. Barracuda turned to Bugcrowd to filter out invalid submissions and manage award payments, thus freeing up internal resources to focus on addressing reports from the community.
“We like Bugcrowd’s approach. A structured format for reporting issues helps drive better quality bugs and filter out noise while the handling of bounty payments is a huge time savings for us. Having a third party help manage researchers will be very valuable.”
Dave Farrow, Director of Engineering at Barracuda Networks
Barracuda is using Crowdcontrol’s JIRA integration, which automatically creates JIRA tickets for newly discovered issues based on specific triggers. Tickets are automatically updated as new information regarding a submission is added.
The process helps ensure the most accurate and up-to-date information is available to both Barracuda and the researchers regarding their testing and triage of new submissions.
- Managed Bug Bounty program by Bugcrowd
- Rewards scope – $50 to 3,133
- Researchers can use their own physical appliances. Barracuda has made several virtual appliances for some of the products available for common use.
- Barracuda’s program page is available here
To hear more about how Barracuda transitioned it's bug bounty program, watch our webinar, Build or Buy: The Barracuda Bug Bounty Story or read the case study.