Trust & Security

Atlassian maintains submissions to the Cloud Security Alliance (CSA) STAR Registry for our major Cloud Services. The STAR Registry hosts the Consensus Assessment Initiative Questionnaire (CAIQ), whic...

Bill Marriott started a discussion 5 0 July 26, 2020

SOC 2 Overview SOC Reports are independent third-party examination reports that provide detailed information and assurance about controls in place at service organizations. Refer to the AICP...

Victoria started a discussion 6 1 July 15, 2020

We recently updated our Security Bug Fix Policy to reflect our current vulnerability resolution timeframes.  Most notably, we have shortened the time frame in which we aim to address all se...

Colin Xu started a discussion 6 1 July 13, 2020

We maintain an always on bug bounty to identify and triage issues in our products and services. Many customers ask us for ‘penetration reports’ or similar - basically a report from a third-party that...

Bill Marriott started a discussion 2 0 July 13, 2020

Hi Team :) I worked a year on security and now I am at Select Support at Atlassian. I have knowledge of web app security, IPS, IDS, devsecops, and some other cool sec stuff.   Please let...

Fabiano Martins started a discussion 4 8 June 30, 2020

We recently updated and posted our Statement of Applicability for our products to our compliance FAQ.     Please see: https://www.atlassian.com/trust/compliance/compliance-faq

Griffin Jones started a discussion 2 15 June 9, 2020

Hi all,   Out of the JIRA Cloud service and BitBucket, can these services be or are they ITAR + NIST 800-171 compliant? As far as I know BitBucket cloud at least does not leave the United Stat...

Elias Moya started a discussion 10 28 June 3, 2020

...pecific report (Link below) were already addressed by the time report made available publicly. https://www.atlassian.com/br/dam/jcr:161357c4-7380-450f-b8a6-0a4cb14af625/Atlassian_Bugcrowd_Report-2020-0...

Philip Choudhury started a discussion 0 3 May 26, 2020

...omplete out in order for us to share our documentation.As of right now access is limited to the Trust team and all requests for documentation will be routed to us for approval. In true Atlassian spirit w...

Griffin Jones started a discussion 2 0 May 22, 2020

Update Jun 22: Thanks to everyone who got in touch! This call for participation is now closed. --- Hi Security and Risk group! I'm Roger, a Product Manager at Atlassian. If you or your colleagu...

Roger Barnes started a discussion 2 0 May 21, 2020

Hi, I have read that JIRA Cloud is not HIPAA compliant yet, but what about JIRA Server? (specifically Jira Service Desk)   Thanks, Nicolas

Nicolas Khoury started a discussion 1 2 May 11, 2020

Hello Security Trust Community! I am happy to announce we have produced and published the Atlassian Sustainability Report 2020! Privacy & Security have been identified as ...

Jodie Vlassis started a discussion 1 2 April 22, 2020

Hello everyone, hope everyone is doing well!! I'm Soumyadeep Mandal or you can call me SaM! I'm an Atlassian user since last couple of years and I'm from Kolkata, India.&nbs...

Soumyadeep Mandal started a discussion 24 8 April 22, 2020

We maintain an always on bug bounty to identify and triage issues in our products and services. Many customers ask us for ‘penetration reports’ or similar - basically a report from a third-party that...

Bill Marriott started a discussion 9 1 April 20, 2020

There is a lot happening in our ecosystem right now...Check it out!  https://www.atlassian.com/blog/add-ons/cloud-ecosystem-security

Griffin Jones started a discussion 5 0 April 7, 2020

Hello I am researching the best way to design GRC structures using Jira and confluence. Any pointers to guidance would be appreciated

Nuala Clamp started a discussion 2 5 March 28, 2020

I was very fortunate to attend ISACA’s Sydney Chapter - International Women's Day conference here in Sydney recently. I was very honoured to represent Atlassian at this event (unfortunately I did not...

Jodie Vlassis started a discussion 3 2 March 25, 2020

...ackground and experience, I'd gained experience across both private and public sectors. I have worked alongside top management to improve business performance by designing intelligent ways to achieve d...

Jodie Vlassis started a discussion 8 0 March 15, 2020

At Atlassian, we are well aware of the importance of the data that you, our customers, store in our products. We aim to give you insight on all our products, but we’d like to start with Confluence an...

Bill Marriott started a discussion 4 1 February 26, 2020

Securing Third Party Apps   Atlassian leads by example with a thriving Marketplace ecosystem that enable our customers to unleash the potential of every team. As such, we are responsible ...

Griffin Jones started a discussion 4 0 February 24, 2020

A crowdsourced approach  A bug bounty program is one of the most powerful post-production tools you can implement to help detect vulnerabilities in your applications and services. Crowd...

Griffin Jones started a discussion 1 4 February 19, 2020

SOC 2 Overview SOC Reports are independent third-party examination reports that provide detailed information and assurance about controls in place at service organizations. Refer to the AICPA for...

Victoria started a discussion 6 2 February 6, 2020

What is it? When considering the term “risk,” most people usually associate it with “What could go wrong?”. While generally true and rooted in evolutionary cognitive bias, this is only part of t...

Griffin Jones started a discussion 8 1 February 5, 2020

...ur bug bounty program, but please note: automated scanner findings will not be accepted. Once submitted, you must first request permission from us before disclosing an issue publicly. Results o...

Griffin Jones started a discussion 4 2 January 28, 2020

We maintain an always on bug bounty to identify and triage issues in our products and services. Many customers ask us for a copy of a recent ‘penetration reports’ or similar - basically a report from...

Bill Marriott started a discussion 7 0 January 23, 2020