Strengthening our investment in customer security with a $1 million bug bounty

by Emily Chioconi

At 1Password, we’re committed to providing an industry-leading security platform for both businesses and families. That’s why today, we’re announcing that we’ve increased our top bug bounty reward with Bugcrowd to $1 million. With this investment, we’re further bolstering our ongoing efforts to keep 1Password customers as secure as possible.

What is Bugcrowd?

Testing software for security vulnerabilities, commonly called penetration testing, is typically handled through specialized firms. Bugcrowd provides a platform where multiple security researchers can come together to offer a crowdsourced investigation. Bugcrowd makes it possible for companies like 1Password to work with tens of thousands of security researchers and ethical hackers on an ongoing basis.

The bug bounty program lets 1Password reward these security researchers for helping fortify our defenses and protect our customers against evolving threats.

1Password and Bugcrowd

Since 2017, 1Password has worked with Bugcrowd to reward researchers who identify potential vulnerabilities. Simply put, when a researcher finds something we’ve overlooked, we want to hear from them and reward them for their efforts. Bugcrowd acts as an additional layer of scrutiny on top of our existing security audits and ongoing internal assessments.

To date, we’ve paid out $103,000 to Bugcrowd researchers, averaging $900 per reward. While all the detected bugs have been minor and didn’t pose a threat to sensitive customer data, we were able to resolve them quickly and reduce the risk of attacks. After nearly 800 attempts from researchers, the total payout showcases 1Password’s relentless commitment to protecting our customers.

Our ongoing efforts to keep your data safe

As part of our day-to-day operations, we regularly engage external security experts and white hat hackers to find blind spots and strengthen the 1Password platform. These efforts include:

  • Conducting more than a dozen external penetration tests annually, the results of which are released in full to the public.
  • Staffing protocols that ensure security-directed developers are always a part of product development teams.
  • A Security Ambassador Program to continuously train and develop security expertise within development teams.
  • An Eyes of the Month program that rewards the employees who report the most notable security issue of the month, surfacing bugs that can only be found by those familiar with the subject matter and creating awareness across the company.
  • Internal testing and review programs designed to strengthen 1Password’s culture of privacy and security.

We’re hoping to build on these existing initiatives by further investing in our bug bounty program and attracting more outside expertise to make our systems as secure as possible. Enlisting the collective intelligence of thousands of researchers helps 1Password consistently deliver a reliable, secure product that makes online safety accessible to anyone.

Our commitment to human-centric security

The busier we get, the more we favor simple solutions over secure ones. But protecting our privacy and personal information shouldn’t be so difficult. No one should have to choose between security and convenience, and with 1Password, they don’t have to. Our new investment in an industry-leading bug bounty program lets us cover more ground as we pursue our mission to help people navigate the digital world without fear or friction.

Emily Chioconi - Content Marketing Manager
