AgileBits, which owns the Password manager 1Password, has announced that it has raised the maximum possible reward in its bug bounty program from $25,000 to $100,000.
The quadrupling of its prize money puts it within reach of other programs offered by Apple, Microsoft, and Google.
In order to earn the full reward, researchers must demonstrate an ability to crack the secure vault technology used by 1Password to store credentials. The company has created a special researcher vault, containing bad poetry, which researchers are to target.
To assist further, 1Password provides supplemental documentation containing real recent issues, in order to give direction to where more issues may be present.
The timing couldn’t be more perfect, as in recent weeks, bug bounty programs have soared in visibility in the wake of the disastrous CloudLeak incident.
CloudFlare was widely pilloried, both in the media and within the security community, for having a bug bounty program with a maximum reward of a t-shirt.
Although AgileBits is a measurably smaller company than CloudFlare – and indeed, Apple, Microsoft, and Google – it’s encouraging to see they recognize the importance of engaging with the wider security community in order to protect their users.