Recently our Security team have found multiple vulnerabilities in some Add-Ons I was interested in for both Jira Software and Jira Service Management. Minimal things like Pen Tests were not even available.
This is becoming an issue, as I am looking for various add-ons and they keep failing Security. So that got me wondering, how come Atlassian approves them into their Marketplace and yet these add-ons have major security vulnerabilities.
What does Atlassian check for in regards to Security before approving ANY add-on to its Marketplace?
I hope someone from Atlassian can answer that so I can put some Security compliance process behind that in our org.
Thanks!
Hi @Meytal BM,
Indeed, app security is an issue. Apps on the marketplace are not thoroughly tested by Atlassian.
However some apps have a security badge: https://developer.atlassian.com/platform/marketplace/marketplace-security-bug-bounty-program/. In order to get the badge you need to participate in a paid bug bounty program.
These apps are tested by pen testers. If you are security minded, just choose from those apps.