1Password Raises Bug Bounty Incentive to a Whopping $1 Million

1Password has increased its top bug bounty reward to $1 million. This marks the highest bounty in its Bugcrowd program history and one of the largest rewards in cybersecurity.

1Password’s Jeff Shiner

“No one should have to choose between safety and convenience, and we’re making this major investment to demonstrate our commitment to keeping 1Password customers secure,” said Jeff Shiner, CEO of 1Password. “Increasing our bug bounty to $1 million will attract another layer of outside expertise to make sure our systems are as secure as possible. Together, we will deepen our security leadership so our customers can live their lives online with ease and confidence.”

1Password regularly engages external security experts and white-hat hackers. These regular practices and engagements are designed to point out any blind spots to strengthen its platform. This bug program expands that initiative. It utilizes thousands of researchers whose collective intelligence enables 1Password to consistently deliver a user-friendly and reliable product that makes protecting privacy, data and personal information second nature, the company said.

Bugcrowd Researchers Band Together

1Password began the bug bounty program in 2017. Since then, the company has paid out $103,000 to Bugcrowd researchers, averaging $900 per reward. All detected bugs to date have been minor and haven’t threatened the secrecy of sensitive customer data. So 1Password was able to resolve them quickly to reduce the risk of attacks. After nearly 800 attempts from researchers at the previous bounty of $100,000, the total payout to date demonstrates the team’s over-attention to security, 1Password said.

Bugcrowd’s Ashish Gupta

“The researcher community has long been a pivotal piece of the security puzzle, and is especially important today as hackers become savvier with their techniques and threats escalate from Russia,” said Ashish Gupta, CEO of Bugcrowd. “1Password has held our top bug bounty reward spot since 2017, and their new top prize of $1 million underscores their respect for the value our community provides.”

This bug bounty program builds on a number of other security programs 1Password has in place.

Additional Programs

• Conducting more than a dozen external penetration tests annually. These results are then released in full to the public.
• Staffing protocols that ensure security-directed developers are always embedded within product development teams.
• Security Ambassador Program to continuously train and develop security expertise in development teams.
• Eyes of the Month program that rewards the employees who report the most impactful security issue of the month, routinely surfacing bugs that can only be found by those familiar with the subject matter and creating an ongoing educational forum to present learnings across the entire company.
• Internal testing and review programs designed to strengthen the company’s strong culture of privacy and security.

1Password recently closed a $620 million funding round, raising its valuation to $6.8 billion.