1Password
- $50 – $30,000 per vulnerability
Program Updates!
Greetings and Happy New Year!
Quick shout out and thanks to everyone who has been participating in our program.
If you are not aware, we have a regular release cycle for our product, and publish release publicly with all the changes. The schedule is as follows:
We deploy our server (API) and website code daily, Monday through Thursday (except holidays) or occasionally on Fridays or Holidays if needed. When there are customer facing changes they will be listed in our release notes.
Our client apps (desktop and mobile) are released every 4 weeks to Stable, and weekly to Beta. For the client apps, you can download the latest stable version of 1Password or find the Beta versions detailed in our release notes.
Other in scope targets such as the CLI, SCIM Bridge, Connect Server, and Events Reporting API have an ad-hoc release cadence. However, these are also areas that are not often looked at by bug bounty researchers!
Reminder!
You can test with your 1Password account, or any family or business account you own. You cannot test with any account you don’t own. You’re welcome to create trial accounts for testing purposes.
Additional Information
If you’re interested in testing our nightly build, you can install the nightly release as follows:
- Open and unlock 1Password.
- Click your account or collection at the top of the sidebar and choose Settings.
- Click Advanced, then set “Release channel” to Nightly.
Updates will be installed automatically when “Install updates automatically” is turned on.
Note: Issues found in nightlies may be evaluated differently than issues found in a stable release.
As always, if you have any questions, you can reach out to us at bugbounty@agilebits.com.
Thanks, and happy hunting!
If you have any questions, please reach out to https://bugcrowd-support.freshdesk.com/.
