
Learn how Atlassian boosts their security posture by launching a fully managed bug bounty

"Our traditional application security practice produces great results early in the lifecycle and deep in our services, but the breadth and depth of post-implementation assurance provided by the crowd really completes the secure development lifecycle. Multiplying the specialization of a single bounty hunter by the size of the crowd creates a capability that just can’t be replicated by individual organizations."

- Daniel Grzelak, Head of Security

For a number of years, Atlassian was running its own incentivized vulnerability reporting program. While the program was very successful, the team was finding it too hard to manage the sheer number and varying quality of incoming reports.

For Atlassian, it became apparent that the balance between improving security and handling incoming vulnerability reports wasn’t quite right. Paired with the increased need for quick time to action, this highlighted the need for managed bug bounty programs.

Challenges:

  • The global security community is becoming more familiar with the bug bounty model and more creative in finding flaws.
  • New types of systems are emerging, presenting additional opportunities for security concerns.
  • Even with a fully dedicated security team, Atlassian needed more help in building more secure products rather than triaging and validating incoming vulnerability findings.

Solution with Bugcrowd:

  • Implementing a Bugcrowd fully managed bug bounty program helped Atlassian uncover vulnerabilities faster than ever, freeing up their security team to allocate more time to finding anti-patterns and implementing broad mitigations.
  • By demonstrating their security posture, Atlassian is not only instilling confidence in the security of their products, they’re upholding one of the company’s core values: Openness.

Program Results:

  • Avg. Vulnerability Priority: 2.8
  • Total Valid Submissions: 135
  • Total Payout: 82K
