Created Dec 2, 2020, Last active today
G’day everyone and happy 2022! My name is Filiberto Selvas and I’m a Principal Product Manager focused on data management and compliance in highly regulated industries! At Atlassian, we unde...
Overview System and Organization Controls (SOC) Reports are independent third-party examination reports that provide detailed information and assurance about controls in place at service organizati...
After the discovery of the vulnerability of version 1.2.17 of Log4j, when is Atlassian intending to add the latest version of Log4j as part of the standard on premise installation?
On December 9, Atlassian became aware of the vulnerability CVE-2021-44228 - Log4j. Impact on Cloud Products This vulnerability has been mitigated for all Atlassian cloud products previously ...
...hat conducts an ongoing vulnerability assessment of our publicly available Applications and Services, the program is available at: https://bugcrowd.com/atlassian. To learn more about our results v...
Hi, since the official statement about log4j is pretty brief (not to say lame), I'm looking for answers here. The vulnerability was disclosed 4 days ago and still Confluence does not give any up...
Atlassian’s 2020 reporting consisted of 8 SOC 2 reports individually attesting compliance for our cloud products. With each weighing-in at ~90 pages, we saw duplication of content, effort, inconsiste...
Hello everyone, How are you guys mitigating Security Vulnerability CVE-2021-42574? I am still unable to understand the risk, impact and mitigation done by Atlassian. Is there any other workaround th...
Hey there! If you’re looking for more tips and best practices for protecting your data and using Atlassian products securely and you’re part of the public sector, check out the Atlassian G...
Hello! We know that security and data management are top priorities for you, so they remain a top priority for us. We’ve heard from many of you that BYOK (bring your own key) encryption is an importa...
Icarus Labs is Atlassian's experimental security research team. It’s inspired by research groups like Google's Project Zero and Facebook’s Red Team X (which research new vulnerabilities), but for any...
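This article presents information useful to administrators of Atlassian Cloud products when drawing up a business continuity plan (BCP). ■ Prerequisites: For the resilience guaranteed by the system, see "How Atlassian manages customer data". The rest of this article covers the actions that administrators of each product can take. ...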
What are Standard Contractual Clauses (SCCs)? On Jun 4, 2021, an updated version of the Standard Contractual Clauses (or SCCs) was published by lawmakers in the European Union (EU) and they gave...
Atlassian primarily relies on our Atlassian Bug Bounty Program and our own internal testing by our Security Engineers to test and identify security issues or vulnerabilities ...
We’re excited to announce that Trello has successfully completed their annual FedRAMP security assessment. For those not aware, Trello is now on its second year of having FedRAMP Tailored authorizati...
Hi, Last year there was a security program where 73 questions had to be answered through Whistic and a green-yellow-red rating could be obtained. Will this program be continued?
Hi, Recently regulators in the EU and US have become more active in trying to prevent fake reviews in marketplaces. For example see https://www.theregister.com/2021/10/14/fake_reviews_ftc/ . The ...
Hello. A user of the Atlassian platform uses it to send spam with blackmail and extortion. This user's address is: jira@trans-l3eerf55.atlassian.net Will Atlassian's management be able to cooperate with...
Atlassian maintains submissions to the Cloud Security Alliance (CSA) STAR Registry for our major Cloud Services. The STAR Registry hosts the Consensus Assessment Initiative Questionnaire (CAIQ), whic...
...uestions: What are your tried-and-true security measures or best practices? What are the absolute must-haves / minimum requirement? What is your wishlist security initiative to accomplish? What w...
What's the best way to get "pushed" security related announcements from Atlassian? Other vendors have mailing lists you can subscribe to or RSS feeds. Atlassian has a security announcements pa...
We have re-certified for Payment Card Industries (PCI) for all of our major products. Specifically, we achieved certification for Jira, Confluence, Bitbucket, Trello, Statuspage, Opsgenie, Ha...
We maintain an always on bug bounty to identify and triage issues in our products and services. Many customers ask us for ‘penetration reports’ or similar - basically a report from a third-party that...
Hi there! Where can I find the following info please: Is data encrypted on Jira Cloud? Is encryption done by keys dedicated to the customer? Thank you!
As we highlight each quarter, we maintain an always-on bug bounty to identify and triage security vulnerabilities in our products and services. Many customers ask us for ‘penetration reports’ or simi...
The Trust & Security community group is Atlassian's go-to space for all things Security, Compliance, Privacy and more. This group is to share information, tips, and best practices for protecting your data and using Atlassian products in a secure and reliable way.