1Password announced it is increasing its top bug bounty reward to $1 million after paying out $103,000 to Bugcrowd researchers since 2017.
The company averages about $900 per reward, but 1Password CEO Jeff Shiner said the company hopes to “attract another layer of outside expertise to make sure our systems are as secure as possible.”
“Together, we will deepen our security leadership so our customers can live their lives online with ease and confidence,” Shiner said. “No one should have to choose between safety and convenience, and we’re making this major investment to demonstrate our commitment to keeping 1Password customers secure.”
1Password said it was the highest bounty in Bugcrowd history but noted that they frequently work with security experts and white-hat hackers to beef up the security of the password management platform.
Ashish Gupta, CEO of Bugcrowd, said 1Password has held their top bug bounty reward spot since 2017.
“The researcher community has long been a pivotal piece of the security puzzle, and is especially important today as hackers become savvier with their techniques and threats escalate from Russia,” Gupta said.
1Password also noted that it holds about 12 “external penetration tests” each year and releases reports about the tests.
The company also has an internal “Eyes of the Month program” for their employees that rewards the person who brings in the most “impactful security issue” that month.