Barracuda Networks Security Bug Bounty Program

Barracuda Networks Security Bug Bounty Program

Q) What products are in scope?

A) The following security products by Barracuda Networks:

Other Barracuda Networks products are not currently in scope. The scope for now is limited to the Appliance form factor of each product listed above, and not any related service or SaaS version. Only the most recent generally available version of each product qualifies.

Q) What classes of bug are in scope?

A) The following bugs and attack types are excluded:

Use of automated testing tools; social engineering; denial of service; physical attacks; attacks against Barracuda Networks’ customers; attacks against Barracuda Networks’ corporate infrastructure or demo servers.

Bug types that are in scope include those that compromise confidentiality, availability, integrity or authentication. For example: remote exploits, privilege escalation, persistent cross site scripting, code execution, command injection.

Q) How do I report a vulnerability?

A) Please report vulnerabilities via email to BugBounty@barracuda.com with the following PGP key at www.barracudalabs.com/bugbountypgp.txt.

Q) What is the bounty?

A) The bounty starts at $500 for qualifying bugs. The panel may reward up to $3,133.7 for particularly severe bugs. You may opt to donate your bounty to a charity. Additionally, we will credit your work as a bug/vulnerability reporter if you desire. Only the first report of a bug qualifies. (Why $3,133.7? The number pays homage to “eleet”. This is used by some in the security community as slang for elite and is sometimes referred to as 31337.)

Q) What is the disclosure requirement?

A) To qualify for the bug bounty, the bug must be disclosed to only Barracuda Networks. Once the issue is fixed, you will be able to publicly disclose the issue.

Q) And now a message from our legal team…

A) This program is not open to minors, individuals on sanctions lists or individuals in countries on sanctions lists. You are responsible for any tax implications or additional restrictions depending on your country and local law. We reserve the right to cancel this program at any time and the decision to pay a reward is entirely at our discretion. You must not violate any law. You also must not disrupt any service or compromise anyone’s data.

Thank you for your interest in the Barracuda Security Bug Bounty Program and for helping Barracuda Networks make our products more secure.