build or buy: the barracuda bug bounty story [webinar]
TRANSCRIPT
Webinar Series
Build or Buy? The Barracuda Bug Bounty Story
Speakers
Director of Engineering, Product Security, Barracuda
Dave Farrow
Product and Infrastructure Security Team Manager, Barracuda
Matthew Trimble
Sales Manager, Bugcrowd
Jason Pitzen
Agenda
Building the Barracuda Bug Bounty
Weighing our options: Build or Buy?
Transitioning to Bugcrowd.
Lessons from the Trenches.
Future of the Barracuda Bug Bounty?
Barracuda Networks, Inc. Confidential and Proprietary.
Building the Barracuda Bug Bounty Program
Launched in 2010
Why did Barracuda choose to start a Bug Bounty Program?
How did it work logistically? What did it cost?
What kind of resources were required internally?
Weighing the Pros and Cons
Of Switching to a Third Party Bug Bounty Platform
Manage payouts
Scalability: Opening up to a base of 17,000 researchers
Communication buffer between researchers and security team
Run the risk of losing hands on touch
Less personal communication and feedback loop
Transitioning to Bugcrowd
Once the decision was made to go with a third party, what was the process like?
Results
What are the main differences in results between running an in house program and a third party program?
Resource Allocation
How did the restructuring of your bug bounty program affect your overall security team?
Workflow Integration
How did you reroute bug submissions and validation within your workflow?
Optimization
Program Stats & Lessons from the Trenches
Barracuda’s Bug Bounty Program on the Bugcrowd Platform
Average Priority: 3.5
Paid $: $27,771
Submission Count: 316
Reporting
Beyond providing a validated list of vulnerabilities, their location and instructions to reproduce the issue, we also provide executive summary reports suitable for use with management and auditors.
QUESTIONS?
Gives a Big Thanks to Barracuda