Last week, Vulnerability Lab CEO Benjamin Kunz Mejri notified us that PayPal made some improvements to its bug bounty program. At the time, the researcher mentioned that Barracuda Networks also made some changes to its own bug bounty program. We’ve reached out to Barracuda Networks representatives to find out more about the modifications made to their bug bounty.
Here’s what Barracuda Networks’ Dave Farrow told us about the improvements:
“We receive numerous issue reports each month with varying degrees of exploitability and risk to our systems or to our customers. We believe that achievement should be recognized and that outstanding achievement should be singled out.
To that end, we have introduced a classification system in our Hall of Fame. The top two levels, Gold and Silver, represent issues reported against systems included in the Security Bug Bounty program. We have set up and maintain public-facing VM versions of the products in the program specifically for researchers to use for penetration testing,” he said.
“The decision to classify a report as Gold or Silver is based on the exploitability and risk associated with the issue.
Issues reported against our systems and services that are not part of the Security Bug Bounty program are acknowledged as Bronze,” he explained.
“While we do not pay bounty awards for these reports, and we discourage unauthorized penetration testing on our product services and web properties, we continue to take these reports seriously and acknowledge the time spent by the researcher by mentioning them here.
We set up this system to foster friendly competition with our community of researchers and to acknowledge the success of our researchers in driving product quality in the Barracuda product line,” he further added.