Human-centric security leader, 1Password, announced it has increased its top bug bounty reward to $1 million, marking the highest bounty in Bugcrowd history and one of the largest rewards in cybersecurity. The new program builds on a long history of successful bug bounty programs and is aligned with the company’s commitment to providing an industry-leading security platform for both businesses and families.
“No one should have to choose between safety and convenience, and we’re making this major investment to demonstrate our commitment to keeping 1Password customers secure,” said Jeff Shiner, CEO of 1Password. “Increasing our bug bounty to $1 million will attract another layer of outside expertise to make sure our systems are as secure as possible. Together, we will deepen our security leadership so our customers can live their lives online with ease and confidence.”
As part of its normal day-to-day operations, 1Password regularly engages external security experts and white hat hackers to point out any blind spots to strengthen its platform. This program expands that initiative by enlisting thousands of researchers whose collective intelligence enables 1Password to consistently deliver a user-friendly and reliable product that makes protecting privacy, data and personal information second nature.
Since beginning the bug bounty program in 2017, 1Password has paid out $103,000 to Bugcrowd researchers, averaging $900 per reward. While all detected bugs have been minor, showing no threat to the secrecy of sensitive customer data, 1Password was able to resolve them quickly to reduce the risk of attacks. After nearly 800 attempts from researchers at the previous bounty of $100,000, the total payout to date demonstrates the team’s relentless commitment to security.
“The researcher community has long been a pivotal piece of the security puzzle, and is especially important today as hackers become savvier with their techniques and threats escalate from Russia,” said Ashish Gupta, CEO of Bugcrowd. “1Password has held our top bug bounty reward spot since 2017, and their new top prize of $1 million underscores their respect for the value our community provides.”
This bug bounty program, builds on a number of additional security programs 1Password has in place, including:
- Conducting more than a dozen external penetration tests annually, the results of which are then released in full to the public.
- Staffing protocols that ensure security-directed developers are always embedded within product development teams.
- Security Ambassador Program to continuously train and develop security expertise in development teams.
- Eyes of the Month program that rewards the employees that report the most impactful security issue of the month, routinely surfacing bugs that can only be found by those familiar with the subject matter and creating an ongoing educational forum to present learnings across the entire company.
- Internal testing and review programs designed to strengthen the company’s strong culture of privacy and security.