In case anyone from @1password is reading this, you may want to get in touch with me. I have reported a security vulnerability via their bugbounty program, and bugcrowd's staff thinks it's "not applicable", in my view clearly misinterpreting the program's rules. I am pretty sure it's something they want to address. I may consider other means of disclosure if this is "not applicable" for their bugbounty program..
@hanno Hey Hanno! 1Password is committed to strong security practices. This is why our Security team leverages BugCrowd escalation paths and our own regular internal review of submissions to ensure we are continually assessing the safety and security of our solutions.
Researchers with questions or concerns can email bugbounty@agilebits.com to directly reach our security team responsible for the program.
Add comment