Build or Buy: The Barracuda Bug Bounty Story [Webinar]

Webinar Series Build or Buy: The Barracuda Bug Bounty Story

Upload: bugcrowd

Post on 07-Aug-2015


TRANSCRIPT

Page 1: Build or Buy: The Barracuda Bug Bounty Story [Webinar]

Webinar Series

Build or Buy: The Barracuda Bug Bounty Story

Page 2

Build or Buy? The Barracuda Bug Bounty Story

Speakers

Dave Farrow, Director of Engineering, Product Security, Barracuda

Matthew Trimble, Product and Infrastructure Security Team Manager, Barracuda

Jason Pitzen, Sales Manager, Bugcrowd

Agenda

Building the Barracuda Bug Bounty

Weighing our options: Build or Buy?

Transitioning to Bugcrowd.

Lessons from the Trenches.

Future of the Barracuda Bug Bounty?

Barracuda Networks, Inc. Confidential and Proprietary.

Page 3

Building the Barracuda Bug Bounty Program

Launched in 2010


It’s Super Simple to Get Started


Why did Barracuda choose to start a Bug Bounty Program?

How did it work logistically? What did it cost?

What kind of resources were required internally?

Page 4

Weighing the Pros and Cons of Switching to a Third Party Bug Bounty Platform

Manage payouts

Scalability: Opening up to a base of 17,000 researchers

Communication buffer between researchers and security team

Run the risk of losing hands on touch

Less personal communication and feedback loop

Page 5

Transitioning to Bugcrowd

Once the decision was made to go with a third party, what was the process like?

Results

What are the main differences in results between running an in-house program and a third-party program?

Resource Allocation

How did the restructuring of your bug bounty program affect your overall security team?

Workflow Integration

How did you reroute bug submissions and validation within your workflow?

Optimization

Page 6

Program Stats & Lessons from the Trenches

Barracuda’s Bug Bounty Program on the Bugcrowd Platform

Average Priority: 3.5

Paid: $27,771

Submission Count: 316

Reporting

Beyond providing a validated list of vulnerabilities, their location and instructions to reproduce the issue, we also provide executive summary reports suitable for use with management and auditors.

Page 7

QUESTIONS?

Page 8

Gives a Big Thanks to Barracuda