Hi, Ken. I worked full-time for AgileBits back when 1Password for Teams was rolled out, but now I mostly write firmware for another company and administer the vulnerability (“bug bounty”) program, as well as some other security-related things for AgileBits, in my copious spare time.
We have had a number of security vendors look over our server configuration and other security-relevant information, and we have an on-going vulnerability program running with BugCrowd. The results of these security audits and vulnerability programs are published on our web site.
I do my best to run the vulnerability program “white-box”, providing researchers with API information and our white paper. I’m also willing to answer questions from researchers, within reason. I would have to look up all of the award levels, but our “capture the flag” bounty is currently $100,000 and no one has ever managed to actually capture the flag (which is actually a very bad haiku).