Learn how Atlassian boosts their security posture by launching a fully managed bug bounty


Opportunity

For a number of years, Atlassian was running its own incentivized vulnerability reporting program. While very successful, the team was finding that it was too hard to manage the sheer number and varying quality of incoming reports.

For Atlassian, it became apparent that the balance between improving security and handling incoming vulnerability reports wasn't quite right. Paired with the increased need for a quick time to action, this highlighted the need for a managed bug bounty program.

Challenges:

  • The global security community is becoming more familiar with the bug bounty model and more creative in finding flaws.
  • New types of systems are emerging, presenting additional opportunity for even more security concerns.
  • Even with a fully dedicated security team, Atlassian needed that team's effort to go into building more secure products rather than into triaging and validating incoming vulnerability findings.

Solution with Bugcrowd:

  • Implementing a Bugcrowd fully managed bug bounty program helped Atlassian uncover vulnerabilities faster than ever, freeing up their security team to allocate more time to finding anti-patterns and implementing broad mitigations.
  • By demonstrating their security posture, Atlassian is not only instilling confidence in the security of their products, they’re upholding one of the company’s core values: Openness.

Program Results:

  • 2.8 Avg. Vulnerability Priority
  • 135 Total Valid Submissions
  • 82K Total Payout

"Our traditional application security practice produces great results early in the lifecycle and deep in our services, but the breadth and depth of post-implementation assurance provided by the crowd really completes the secure development lifecycle. Multiplying the specialization of a single bounty hunter by the size of the crowd creates a capability that just can't be replicated by individual organizations."

Daniel Grzelak, Head of Security

Program Facts

Industry: Technology
Program Type: Private Bug Bounty, Public Bug Bounty
