Barracuda Networks has established a new rewards program for researchers who uncover bugs in the company’s security products.
Barracuda’s program follows in the footsteps of similar moves by
Google and Mozilla to use incentives to get researchers to turn
vulnerability information over to vendors as opposed to posting
it publicly on the Web or handing it to black hats.
Prizes for the bugs range from $500 to $3,133.70 depending on how
th Barracuda Labs Bounty Panel judges their severity.
Bounties can be donated to charity upon request, the company said.
The following products are in the program’s scope:
- Barracuda Spam &
Virus Firewall - Barracuda Web Filter
- Barracuda Web Application
Firewall - Barracuda NG Firewall
For now, only the appliance form
factor of each of the products is fair game, and only the most recent
generally available version qualifies.
Remote exploits, privilege escalation, cross-site scripting and
other attacks that compromise confidentiality, availability or
authentication are acceptable. Once the vulnerability is fixed, the
finder can publicize it, the company said. Attacks against Barracuda’s
corporate infrastructure, demo servers or customers are prohibited.
For more, read the eWeek article Barracuda Networks Launches Security Vulnerability Rewards Program.