Following the lead of Mozilla and Google, Barracuda Networks is launching a bug bounty program that will pay out cash rewards for vulnerabilities found in the company's own products.
The move by Barracuda, a maker of mail security and data protection products, is the first such bug bounty program offered by a pure security technology vendor. Mozilla and Google are the two most prominent examples of general technology companies that offer rewards for vulnerabilities, and both of those companies have seen their programs succeed in the last year. In fact, both Google and Mozilla have raised the prices that they pay for the most severe bugs, with Mozilla shelling out up to $3,000 and Google paying as much as $3,133.7 for bugs.
Barracuda officials said they'll match Google's top price for severe bugs and the minimum bug bounty will be $500. The company will only pay out rewards for bugs that are disclosed privately to Barracuda, although once the bug is fixed, the researcher is free to disclose it publicly. Bugs found in Barracuda's Spam and Virus Firewall, Web Filter, Web Application Firewall and NG Firewall are eligible for the cash rewards.
Bugs that are in scope for the reward program are vulnerabilities that compromise confidentiality, availability, integrity or authentication. Those would include vulnerabilities such as remote exploits, privilege escalation, cross-site scripting, code execution, command injection