Why We’re Letting 60,000 Bugcrowd Security Researchers Ethically Hack Us

At Atlassian, security is baked into the product development lifecycle. We employ an entire team of security engineers who build threat models, review code, and test our systems. Building and maintaining products that keep our customers safe is a team effort.

Today, we’re launching Atlassian’s first bug bounty program. We’re adding JIRA and Confluence Cloud to the existing programs for Trello and StatusPage, and will soon expand to additional cloud products as well as self-hosted products in the months to come. Our new public bounty program will eventually replace the private disclosure program the Atlassian Security Team has been running for a few years through our JIRA Service Desk. The original program has grown significantly since it started, and with the added complexity of managing over 14 product lines, we decided it was time to turn to an expert, Bugcrowd, to help supercharge our program.

With Bugcrowd, a provider of crowd-sourced security testing, Atlassian’s security team adds nearly 60,000 external cybersecurity researchers. This highly capable community is constantly testing our products, using well-defined guidelines and a safe testing ground to perform their research. Their results are shared through a standardized reporting mechanism, and Bugcrowd’s application security engineering team handles the initial triaging and vulnerability validation.

For more information about our bug bounty program and to see the scope of the program, please click here!

This originally appeared on Atlassian’s blog on July 12, 2017.
