The webinar discusses Barracuda's transition from an in-house bug bounty program to a third-party program managed by Bugcrowd. It describes how Barracuda initially built its own program in 2010, then weighed the pros and cons of switching to Bugcrowd for its scalability and to offload management of bounty payouts. The webinar outlines Barracuda's process for transitioning to Bugcrowd and how it adjusted its security team workflow and integration of bug submissions. Program stats from Bugcrowd show Barracuda paid out $27,771 on 316 submissions with an average priority of 3.5.
2. Build or Buy? The Barracuda Bug Bounty Story
Speakers
Dave Farrow, Director of Engineering, Product Security, Barracuda
Matthew Trimble, Product and Infrastructure Security Team Manager, Barracuda
Jason Pitzen, Sales Manager, Bugcrowd
Agenda
Building the Barracuda Bug Bounty
Weighing our options: Build or Buy?
Transitioning to Bugcrowd.
Lessons from the Trenches.
Future of the Barracuda Bug Bounty?
Barracuda Networks, Inc. Confidential and Proprietary.
3. Building the Barracuda Bug Bounty Program
Launched in 2010
It’s Super Simple to Get Started
Why did Barracuda choose to start a Bug Bounty Program?
How did it work logistically? What did it cost?
What kind of resources were required internally?
4. Weighing the Pros and Cons of Switching to a Third-Party Bug Bounty Platform
Manage payouts
Scalability: Opening up to a base of 17,000 researchers
Communication buffer between researchers and security team
Run the risk of losing hands-on touch
Less personal communication and feedback loop
5. Transitioning to Bugcrowd
Once the decision was made to go with a third party, what was the process like?
Results: What are the main differences in results between running an in-house program and a third-party program?
Resource Allocation: How did the restructuring of your bug bounty program affect your overall security team?
Workflow Integration: How did you reroute bug submissions and validation within your workflow?
Optimization
6. Program Stats & Lessons from the Trenches
Barracuda’s Bug Bounty Program on the Bugcrowd Platform
Average Priority: 3.5
Paid: $27,771
Submission Count: 316
Reporting: Beyond providing a validated list of vulnerabilities, their location and instructions to reproduce the issue, we also provide executive summary reports suitable for use with management and auditors.