As leaders and innovators in computer security, Barracuda launched their bug bounty program in 2010. When submissions started rolling in from external security researchers, they immediately recognized the value of having more eyes on their applications, and the power of incentivizing them. They soon experienced, however, the difficulty of creating the infrastructure and resources needed to manage it internally.
They started weighing their options, to build or to buy, and eventually turned to Bugcrowd. Through this evolution, the Barracuda security team has learned valuable lessons regarding the security researcher environment and economy. In this discussion, we will be joining the program director and the program manager to gain multiple perspectives on their programs.
- Why companies are turning to bug bounty programs to augment their security programs
- The advantages and pitfalls of running a self-managed bug bounty program
- How Bugcrowd was able to reduce their program’s noise-to-signal ratio, enabling their security team to focus solely on remediating real bugs