Barracuda launches bug bounty for its security products

Security vendor offers bounty for bugs found in its firewall and Web filtering appliances.

Security vendor Barracuda Networks is jumping on board the bug bounty bandwagon, offering between $500 and $3,133.70 to bug hunters who find serious vulnerabilities in its products. Barracuda, which sells a variety of security appliances for antispam, antivirus, Web content filtering and Web application firewall capabilities, is the first security vendor to offer such a program for its own products.

Barracuda said flaws found in the Spam & Virus Firewall, Barracuda Web Filter, Barracuda Web Application Firewall and the Barracuda NG Firewall would be eligible for a reward.

Researchers reporting security bugs will collect a cash prize ranging from $500 to $3133.7, depending on the severity of the vulnerability as judged by the Barracuda Labs Bug Bounty Panel. Bounties can be donated to charity as requested by the bug reporter.

According to Barracuda: Vulnerabilities can be reported to  BugBounty at barracuda.com with the following PGP key  http://www.barracudalabs.com/bugbountypg…). The company set up a Web page explaining the bug bounty program.

Bug types that are in scope include those that compromise confidentiality, availability, integrity or authentication. For example: remote exploits, privilege escalation, cross site scripting, code execution, command injection.

Google extended its current bug bounty program for Chrome browser flaws this week, adding a reward for serious Web application flaws found in its Blogger, Orkut and YouTube websites. Barracuda offers the same payout structure as Google. Mozilla offers a similar program for bugs found in Firefox.

Google said it has had success with its Chrome browser bug bounty program, which it launched in February. The company said it has seen an increase in “high-quality” reports on bugs found in its Chromium browser.