Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root


1 badge earned


Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!


Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.


Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!


Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
Community Members
Community Events
Community Groups

July 2020 - June 2021 Atlassian Annual Bug Bounty Report

As we highlight each quarter, we maintain an always-on bug bounty to identify and triage security vulnerabilities in our products and services. Many customers ask us for ‘penetration reports’ or similar - a report from a third-party that shows that we are testing the security of our own products and services.

We believe our always-on bug bounty, with more than 1200+ security researchers (think : extension of our own team) provides better value than a couple of people for a week or two. We have published our perspective on the differences in penetration tests versus vulnerability assessments versus a bug bounty program on our Approach to Security Testing page on our external website.

This year, we are publishing for the first time an in-depth whitepaper detailing a full year of statistics and information about our bug bounty program. The whitepaper includes statistics and data for the July 2020 to June 2021 timeframe, which is Atlassian’s fiscal year.

We published this whitepaper about our Bug Bounty programs to give our customers a view on progress of the program and some details of the vulnerabilities that were discovered. For many customers, these reports can take the place of a penetration test report, and shows that we are actively managing and resolving any security issues that are in found our products or services.

Stats for the year

In the July 2020 to June 2021 timeframe, we had 77 individual security researchers contributed to our bug bounty program, with a total of 348 valid vulnerabilities. The highest reported vulnerability severity was Medium, which accounted for nearly two-thirds of the valid vulnerabilities. The top three vulnerability types most found were cross-site scripting (XSS), broken authentication and session management, and improper authorization, which collectively accounted for 57% of valid vulnerabilities. Total payout of the bug bounty program for the July 2020 to June 2021 timeframe was $258,350 USD.

Download the annual bug bounty report

The July 2020 to June 2021 Annual Bug Bounty Report can be found on our Security at Atlassian main page.

1 comment

Huwen Arnone
Solutions Partner
Solution Partners provide consulting, sales, and technical services on Atlassian products.
Oct 01, 2021

This has been definitively a great initiative from Atlassian, and a win-win situation for all the implied:

  • Atlassian builds more trust and offers a better value to the customer.
  • The customer gets more value from their purchases.
  • Atlassian Marketplace vendor participants in the Bug Bounty initiative (like us with Exporter Cloud and Projectrak Cloud) get quality insights to enhance the security from their apps.

This report is very insightful. I think the overall "Stats of the year" paragraph sum it up pretty much great.

From a vendor perspective: Since November 2020, we've had 10 vulnerabilities reported in total since, all of them with a vulnerability severity of Medium.

Thank you very much for sharing @Bill Marriott 


Log in or Sign up to comment
AUG Leaders

Atlassian Community Events