Bug Bounty September 2025 Update

Quarterly, we publish a roll-up report from each of our Bug Bounty programs to give our customers a view of the progress of the program and the vulnerabilities. These reports are one method of showing that we are actively testing and identifying security issues that are in our products or services.

Our bug bounty program serves as an extension of our own team, providing continuous monitoring and testing for potential vulnerabilities. We believe that this comprehensive approach provides superior value when combined with targeted penetration tests that are also performed (we post updated Letters of Attestation for each product’s third-party penetration test on our https://www.atlassian.com/trust/security/security-testing, at the bottom of the page).

Bug Bounty Stats for the Quarter

In the July 2025 to September 2025 quarter, we had 402 individual security researchers participate in our bug bounty program, submitting a total of 983 bugs for review, with a total of 214 valid bugs, which is an average of ~28% valid bug to noise ratio (with a low of 11% valid bug to noise ratio in our OpsGenie program and a high of 63% valid bug to noise ratio in our Jira Align program) across all of our independent bug bounty programs.

Compared to the previous April 2025 to June 2025 quarter, we had a 3% decrease in security researchers, 25% decrease in bugs submitted for review, and a 32% decrease in valid bugs, with a lower bug-to-noise ratio by 2.6%.

Download current Bug Bounty reports

These reports show the progress of our bug bounties for the July 2025 to September 2025 quarter. Any security vulnerabilities identified in the reports below are tracked in our internal Jira as they come through the Bug Bounty intake process and are closed according to the SLA timelines on our Security Bug Fix Policy.

• Download the latest Atlassian bug bounty report (2025-10)

• Download the latest Jira Align bug bounty report (2025-10)

• Download the latest Opsgenie bug bounty report (2025-10)

• Download the latest Statuspage bug bounty report (2025-10)

• Download the latest Trello bug bounty report (2025-10)

Atlassian’s Security Testing Updates

The Security Testing team continues to work closely with a panel of cybersecurity consultancies to conduct comprehensive white-box penetration tests on Atlassian products annually.

This approach ensures that Atlassian's products and services undergo rigorous testing and evaluation. By combining the bug bounty program with the efforts by our Security Testing team, Atlassian can leverage the expertise of external researchers while also maintaining a proactive and comprehensive security posture.

If you are looking for our penetration test reports, please review our https://www.atlassian.com/trust/security/security-testing#bug-bounty-reports page and download our published Letters of Attestation (LoAs) for all Atlassian products within our Customer Trust Portal.