As a creator of technologies and products that help businesses protect their resources and users, Barracuda Networks continuously focuses on improving the security of our products.
This program only awards points for VRT based submissions.
Target name | Type
Barracuda Email Security Gateway | Other
Barracuda Message Archiver | Other
Barracuda Web Security Gateway | Other
Barracuda Web Application Firewall | Other
Barracuda CloudGen Firewall | Other
Barracuda Firewall | Other
Barracuda SSLVPN | Other
Barracuda ADC | Other
We encourage researchers to perform testing using their own appliances.
All Barracuda Networks, Inc. systems and services not listed above are explicitly excluded from the program. This includes, but is not limited to, our websites, infrastructure, and cloud services. Any researcher seeking to perform vulnerability testing upon excluded systems must have prior written consent from the Senior Director of Information Security at Barracuda Networks, Inc. and should be requested through established Bugcrowd communication channels. We may legally pursue researchers conducting vulnerability testing on excluded systems without prior written consent.
Testing is only authorized on the targets listed as In-Scope. Any domain/property of Barracuda not listed in the targets section is out of scope. This includes any/all subdomains not listed above.
If you identify a security vulnerability on a target that is not in-scope, but that demonstrably belongs to Barracuda, it may be reported to this program. Note that this is in the spirit of "If you see something, please say something" only. Active testing on all out-of-scope targets is expressly prohibited. Reports of this type are appreciated - but will ultimately be marked as 'not applicable' and will not be eligible for monetary or points- based compensation.
the following finding types are specifically excluded from the receiving Kudos:
The Barracuda appliance family of products is built on a common platform and framework. A vulnerability found in one product may therefore exist in others. When determining bounty awards, we will grant a single award that accounts for the impact to all affected products.
The program relates to security vulnerabilities in the products. Deficiencies in product functionality are excluded. This includes but is not limited to:
This program is not open to minors, individuals on sanctions lists or individuals in countries on sanctions lists. You are responsible for any tax implications or additional restrictions depending on your country and local law. Barracuda Networks strictly complies with US export laws and regulations. Persons and entities in countries embargoed by the US government or denied from accessing US technology are prohibited from accessing Barracuda Networks systems and participating in this program. We reserve the right to cancel this program at any time and the decision to pay a reward is entirely at our discretion. The decision of Barracuda Networks is final and non-appealable. This offer is void where prohibited by law and in participating, you must not violate any law. You also must not disrupt any service or compromise anyone's data.
Thank you for your interest in the Barracuda Security Bug Bounty Program and for helping Barracuda Networks make our products more secure.
This program follows Bugcrowd’s standard disclosure terms.
|Scope Type||Scope Name|
Barracuda Message Archiver
Barracuda Email Security Gateway
Barracuda CloudGen Firewall
Barracuda Web Security Gateway
Barracuda Web Application Firewall
This program feature scope type like web_application.