
removed

DPK March 9, 2024

removed

3 comments

Joseph Chung Yin
Community Champion
March 9, 2024

@DPK -

Although we are just customers of Atlassian using Jira/JSM products and not application development vendors, third-party vendors' participation in the Bug Bounty program with Atlassian is one thing that we will always look for. If a third-party vendor is not a participant in the program, then we will not even consider their add-ons at all.

Take a look at the following Atlassian reference links on this program -

https://developer.atlassian.com/platform/marketplace/marketplace-security-bug-bounty-program/

https://www.atlassian.com/trust/security/report-a-vulnerability

https://community.atlassian.com/t5/Trust-Security-articles/Bug-Bounty-July-2023-Update/ba-p/2415834

Again, this is an important participation in our opinion.

Best, Joseph

Thorsten Letschert _Decadis AG_
Community Champion
March 11, 2024

Hey,

Welcome to the club.

I'd definitely support engaging in this program for several reasons:

Although I do not know what your app is about, I'd recommend re-checking on proper authentication and remediation of everything related to user inputs and XSS to have a smooth start.

Cheers,
Thorsten

Deleted user May 30, 2024

Congrats on gaining some traction with your app! 


We are in the program and make sure that all of our apps (4 so far) attain Cloud Fortified status.  The Marketplace is getting increasingly noisy and competitive so having these clear, third party validators for our apps definitely assists in our perception. 

As we (Revyz) are in the enterprise space as well as being a data protection and security vendor - it's a no-brainer for us to be in bug bounty. A couple of other areas that we have decided to sign up to are multi-residency for client data and SOC2 - we have prospective customers asking about both fairly frequently.

Our philosophy is to be as transparent and thorough as possible with our clients when it comes to security and compliance so we also publish the details on the security section of our support site.  

 https://support.revyz.io/legal-security/revyz-security-compliance-overview

I'm happy to tag our CTO in if you need some more specific feedback on the program and good luck on your next step.
