“AgileBits, the company behind popular password manager 1Password, is raising the top bug bounty reward from $25,000 to $100,000, following the discovery of serious vulnerabilities in popular password managers, including its own service, that could have allowed attackers to gain access to user data,” Mihăiță Bamburic reports for BetaNews.
“To receive the highest reward in its bug bounty program,” Bamburic reports, “AgileBits says that a researcher would have to access an unencrypted ‘bad poetry’ flag that is stored in a 1Password vault.”
Bamburic reports, “The $100,000 reward is actually the highest on the Bugcrowd platform, I am told, and among the highest offered by a tech company outside of leading players like Apple, Google or Microsoft.”
Read more in the full article here.
MacDailyNews Take: Go get it, hackers!
Love 1Password
Have it in all of my devices. It’s a pleasure to use
You have to admire their commitment to security illustrated by thus reward
Long time user of 1 Password, but not happy that they have turned it into rental software. I am no fan of software as a service.
I agree. I’ve used 1Password for many years, but if I had to do it again with their subscription services, I would look at other products. And, should they try to force like me into a subscription, I’d drop it, in all probability.
Just because it has a subscription option doesn’t mean you have to subscribe. Lifetime license purchase is still offered.
You are correct. I was turned off with there subscription option, until I realized that I could use it like I always have, without the features of the subscription that is. That said, I think there subscription is expensive for what it offers.
Excellent. I’m happy to have backed Agile’s work many years back.
The point of jacking up the bug bounty for one’s software is to lure the hackers to tell YOU the bugs they found in your software, as opposed to telling the crooks and governments (who may well be crooks as well). It’s a bidding system. It’s a reward that both motivates and lures white hat hacker behavior. Hurray.
⛑🎩🕵
I am asking my employer to fund enterprise password management for all IT employees. Thus incorporate password generator, and the ability share passwords used on assets.