The bounty program introduced by the security vendor this week will include the following products: Barracuda Spam & Virus Firewall, Barracuda Web Filter, Barracuda Web Application Firewall, and the Barracuda NG Firewall.
Researchers who report the vulnerabilities to Barracuda can earn cash rewards ranging from $500 to approximately $3100, depending on the bug’s severity. Bounties paid out can be donated upon the researcher’s request.
"Security product vendors should be at the forefront of promoting security research”, said Paul Judge, chief research officer at Barracuda Networks, in a press release statement. "The goal of this program is to reward researchers for their hard work as well as to promote and encourage responsible disclosure.”
Barracuda said the bug types considered for the reward program include “those that compromise confidentiality, availability, integrity or authentication, such as remote exploits, privilege escalation, cross site scripting, code execution, and command injection”. Bugs can be reported via email or through the Barracuda Labs website.