Hi all,
While adopting Rovo, have any of your Cybersec teams conducted penetration testing? Have they identified any issues like Prompt Injection or Sensitive Information Disclosure?
We have seen these identified in one of our very secure Cloud Enterprise orgs and I'd like to find out what solution was applied to overcome this. Any help appreciated.
Atlassian has its own place for reporting vulnerabilities found during penetration testing. You would need to report this vulnerability; they need to verify it, and upon that they would apply a fix.
You can report that here: https://www.atlassian.com/trust/security/report-a-vulnerability
They also have a bug bounty program that is hosted by Bugcrowd where the report could also be reported.
OffensiveSecurity has a good article on this: https://www.offsec.com/blog/how-to-prevent-prompt-injection/