Is there any security risks on Jira application ?

Manuel Campomanes April 19, 2012

Hello,

I need to know if Jira take security risks into account? which risks are detected in Jira compare to top10 security risks (https://www.owasp.org/index.php/Top_10_2010-Main)

3 answers

1 accepted

3 votes
Answer accepted
VitalyA April 20, 2012

Manuel,

I think Dennis meant me when he said "Chief Security Officer". I can assure you that whenever we discover a security vulnerability, we fix it as soon as we can, usually very quick. You can check our advisories at http://confluence.atlassian.com/display/SECURITY.

I would never go as far as to say "we are absolutely sure we are secure against any possible vulnerability". If any vendor tells you that they are, they are lying or ignorant.

Manuel Campomanes April 24, 2012

Sure, an application can't be secured against all, but I just wanted to know if Jira took security risks known into account. It seems to be the case.

Thanks for your responses.

BITS Trainees June 20, 2016

The link that you had provided in the answer is not working . Please check.

2 votes
Dennis Kromhout van der Meer
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
April 19, 2012

Right now we are secure against each known security vulnerability. We also have a dedicated team and Chief Security Officer that focuses on hardening our tools, QA testing and risk management. As always, we highly recommend to update to the latest version of JIRA, especially when it comes to security patches.

Manuel Campomanes April 19, 2012

Thank you for your clarification.

Dennis Kromhout van der Meer
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
April 19, 2012

No worries! Feel free to email me at dennis@atlassian.com if you have any security sensitive questions regarding our products :)

0 votes
Deleted user July 9, 2018

JIRA is not compliant with IRS 1075 nor offers field level security unless you leverage an add-on.  This tells me that the security risks being mitigated are not holistic and will leave you open. 

Suggest an answer

Log in or Sign up to answer