1Password, which has paid out $103,000 in bug bounty rewards to Bugcrowd researchers since 2017, has announced that their top bug bounty payout will now be $1 million. The company averages about $900 per reward, and 1Password CEO Jeff Shiner said the firm plans to add another layer of outside expertise to ensure their systems are as safe as possible by paying around $900 per award.
“Together, we will deepen our security leadership so our customers can live their lives online with ease and confidence,” Shiner said. “No one should have to choose between safety and convenience, and we’re making this major investment to demonstrate our commitment to keeping 1Password customers secure.”
1Password announced that its payout was the greatest in Bugcrowd history, but added that they often collaborate with security professionals and white-hat hackers to improve the platform’s security. 1Password also stated that it conducts approximately 12 “external penetration testing” per year and publishes reports on the results.
“The research community has long been a pivotal piece of the security puzzle, and is especially important today as hackers become savvier with their techniques and threats escalate from Russia,” said Ashish Gupta, CEO of Bugcrowd.
Additionally, the firm has an internal “Eyes of the Month” initiative for its staff, which awards the person who reports the most “impactful security issue” for the month.