Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root


1 badge earned


Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!


Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.


Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!


Bug Bounty July 2023 Update

We maintain an always-on bug bounty to identify and triage issues in our products and services. Many customers ask us for ‘penetration reports’ or similar - basically a report from a third party that shows that we are testing the security of our own products and services.

As part of our commitment to ensuring the highest level of security for our systems, we have expanded our efforts to include both penetration tests and our always-on bug bounty program. With over 1200+ security researchers actively contributing, our bug bounty program serves as an extension of our own team, providing continuous monitoring and testing for potential vulnerabilities. In addition, we have recently shared our insights on the nuances between penetration tests, vulnerability assessments, and bug bounty programs on our Approach to Security Testing page, which is publicly accessible on our external website. We believe that this comprehensive approach provides superior value when combined with targeted penetration tests that are also performed (we post updated Letters of Assessment for each penetration on our Approach to Security Testing, at the bottom of the page).

At the start of each quarter, we publish a roll-up report from each of our Bug Bounty programs to give our customers a view of the progress of the program and the vulnerabilities. For many customers, these reports can take the place of a penetration test report and shows that we are actively testing and identifying any security issues that are in our products or services.

Stats for the Quarter

In the April 2023 to June 2023 quarter, we had 228 individual security researchers contribute to our bug bounty program, submitting a total of 428 bugs for review, with a total of 97 valid bugs, which is an average of ~22% valid bug to noise ratio (with a low of 0% valid bug to noise ratio in our Halp program and a high of 67% valid bug to noise ratio in our Jira Align program) across our six independent bug bounty programs.

Compared to the January to March 2023 quarter, we had a 9% decrease in security researchers, 20% fewer bugs submitted for review, and a 21% decrease in valid bugs, with a lower bug-to-noise ratio by ~7.7%.

Get the Reports

If you have customers asking for a penetration test report, point them out to the Approach to Security Testing page, where (down at the bottom) we have published reports for Atlassian (including Jira, Confluence, Bitbucket, and more), Halp, Jira Align, Opsgenie, Statuspage, and Trello. We have also published the same links to the Security Testing section of our Security Practices page.

Download current test reports

These reports show the progress of our bug bounties for the January 2023 to March 2023 quarter. Any security vulnerabilities identified in the reports below are tracked in our internal Jira as they come through the Bug Bounty intake process and are closed according to the SLA timelines on our Security Bug Fix Policy.



Log in or Sign up to comment
AUG Leaders

Atlassian Community Events