Barracuda Networks has established a new rewards program for researchers who uncover bugs in the company's security products.
Barracuda's program follows in the footsteps of similar moves by Google and Mozilla to use incentives to get researchers to turn vulnerability information over to vendors as opposed to posting it publicly on the Web or handing it to black hats.
Prizes for the bugs range from $500 to $3,133.70 depending on how th Barracuda Labs Bounty Panel judges their severity. Bounties can be donated to charity upon request, the company said.
The following products are in the program's scope:
- Barracuda Spam & Virus Firewall
- Barracuda Web Filter
- Barracuda Web Application Firewall
- Barracuda NG Firewall
For now, only the appliance form factor of each of the products is fair game, and only the most recent generally available version qualifies.
Remote exploits, privilege escalation, cross-site scripting and other attacks that compromise confidentiality, availability or authentication are acceptable. Once the vulnerability is fixed, the finder can publicize it, the company said. Attacks against Barracuda's corporate infrastructure, demo servers or customers are prohibited.
For more, read the eWeek article Barracuda Networks Launches Security Vulnerability Rewards Program.