AgileBits, the company behind the popular password manager 1Password, is raising its highest bug bounty reward from $25,000 to $100,000, following the discovery of significant vulnerabilities in popular password managers, including its own service, that could have allowed attackers to gain access to user data.
To obtain the top reward in its bug bounty program, AgileBits says a researcher must access an unencrypted “dangerous poetry” flag that is stored in a 1Password vault.
“Safety is at the heart of what we do,” says Jeff Shiner, AgileBits. “We owe it to our prospects to do everything in our power to maintain them and their info safe. This implies utilizing the ingenuity of actual individuals to assist us regularly enhance the safety of 1Password. It was essential for us to show how seriously we take this contribution and have elevated the prize to show it.”
AgileBits runs its bug bounty program through Bugcrowd, where it also provides all the information a researcher needs in order to meet the guidelines and be paid for their findings. The company lists four other “flags” that are eligible for a financial reward, and they range from $5,000 for a priority one bug to $100 for a priority four bug.
The $100,000 reward is definitely the highest on the Bugcrowd platform, I’m told, and among the highest offered by a tech company outside of major players like Apple, Google or Microsoft.