1Password has announced that it has increased its top bug bounty reward for finding potential security flaws in its password manager to $1m.
Not only is the highest bounty in the history of the IT security company Bugcrowd but it’s also one of the largest rewards in the industry.
CEO of 1Password, Jeff Shiner explained in a press release how the move will attract additional security experts and white hat hackers while also strengthening the security of its password manager, saying:
“No one should have to choose between safety and convenience, and we’re making this major investment to demonstrate our commitment to keeping 1Password customers secure. Increasing our bug bounty to $1 million will attract another layer of outside expertise to make sure our systems are as secure as possible. Together, we will deepen our security leadership so our customers can live their lives online with ease and confidence.”
Strengthening its platform
1Password regularly engages both external security experts and white hat hackers as part of its normal day-to-day operations in an effort to discover any blind spots in its platform. By expanding its bug bounty program though, the company will be able to enlist thousands of researchers to continue these efforts.
Since starting its bug bounty program back in 2017, 1Password has paid out $103k to Bugcrowd researchers with an average bounty of $900. Although all of the bugs detected so far have been minor and didn’t put any sensitive customer data at risk, the company was able to resolve them quickly which also helped reduce the risk of attacks.
Besides its bug bounty program, 1Password conducts over a dozen external penetration tests annually and releases the results to the public. However, the company also has a Security Ambassador Program to train and develop security expertise in its development teams as well as an Eyes of the Month program that rewards employees who report the most impactful security issue of the month.
Security researchers and others interested in getting started with the 1Password bug bounty program can visit the company’s site or its Bugcrowd page.
