At Atlassian, security is baked into the product development lifecycle. We employ an entire team of security engineers who build threat models, review code, and test our systems. Building and maintaining products that keep our customers safe is a team effort.
Today, we’re launching Atlassian’s first bug bounty program. We’re adding JIRA and Confluence Cloud to the existing programs for Trello and StatusPage, and will expand to additional cloud products as well as self-hosted products in the months to come. Our new public bounty program will eventually replace the private disclosure program the Atlassian Security Team has been running for a few years through our JIRA Service Desk. The original program has grown significantly since it started, and with the added complexity of managing over 14 product lines, we decided it was time to turn to an expert, Bugcrowd, to help supercharge our program.
With Bugcrowd, a provider of crowd-sourced security testing, Atlassian’s security team adds nearly 60,000 external cybersecurity researchers. This highly capable community is constantly testing our products, using well-defined guidelines and a safe testing ground to perform their research. Their results are shared through a standardized reporting mechanism, and Bugcrowd’s application security engineering team handles the initial triaging and vulnerability validation.
For more information about our bug bounty program and to see the scope of the program, please click here!
This originally appeared on Atlassian’s blog on July 12, 2017.