For a number of years, Atlassian was running its own incentivized vulnerability reporting program. While very successful, the team was finding that it was too hard to manage the sheer number and varying quality of incoming reports.

For Atlassian, it became apparent the balance between improving security and handling incoming vulnerability reports wasn’t quite right — paired with the increased need for quicktime to action — which highlighted the need for managed bug bounty programs.

Challenges:

• The global security community is becoming more familiar with the bug bounty model and more creative in finding flaws.
• New types of systems are emerging, presenting additional opportunity for even more security concerns.
• Even with a fully dedicated security team, Atlassian needed more help in building more secure products rather than triaging and validating incoming vulnerability findings.

Solution with Bugcrowd:

• Implementing a Bugcrowd fully managed bug bounty program helped Atlassian uncover vulnerabilities faster than ever, freeing up their security team to allocate more time to finding anti-patterns and implementing broad mitigations.
• By demonstrating their security posture, Atlassian is not only instilling confidence in the security of their products, they’re upholding one of the company’s core values: Openness.