Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root


1 badge earned


Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!


Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.


Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!


Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
Community Members
Community Events
Community Groups

Updates to Atlassian's Ecosystem Security Bug Bounty Programs

Hiya everyone! I’m Jake. I'm a new Product Manager on the Ecosystem Security team located in Jersey City, New Jersey:pizza:. In my role, I will focus on all of Ecosystem’s Security Programs, and building relationships with our partners. I’m dedicating my first post to an exciting announcement for one of these programs, which you can read below!

Starting today, September 1, 2021, Atlassian is taking two of its Bug Bounty Programs public! The Atlassian Marketplace Vulnerability Disclosure Program and the Atlassian Ecosystem Program will now accept submissions from all Bugcrowd researchers, as opposed to a limited set of invitees. Additionally, we are changing the name of the Atlassian Ecosystem Program to ‘Atlassian-Built Apps Bug Bounty Program,’ in order to further clarify the scope of this program in its title.


The initial success of this program has made a big impact; over the past year, Atlassian and our partners have patched over 140 vulnerabilities discovered through both programs, and Atlassian has paid nearly $40,000 in rewards through the Atlassian-Built Apps Bug Bounty Program. Accepting more researchers to these programs is a critical step forward in marketplace security, and a clear indicator of the continued success of bug bounties.


Overall, this move expands the presence of these programs, deepens our efforts to identify and address vulnerabilities, and reflects our commitment to the security of our marketplace, our apps, and our partners' apps.


Additionally, the Marketplace Security Bug Bounty Program continues with momentum. As of today, there are 134 total Marketplace Programs, a few which are public, as well. These programs compliment our efforts to leverage bug bounties as a tool for securing the marketplace by empowering partners to create programs themselves. As a reminder, Atlassian rewards partners who host their own bug bounties by giving them the Cloud Security Participant Badge in the Atlassian Marketplace. If you are a partner interested in taking your own program public, please submit this form - we highly recommend it!


As a refresher, I’ve summarized the goal and scope of the three aforementioned bug bounties below:

Atlassian Marketplace Vulnerability Disclosure Program (VDP).

  • To discover and patch vulnerabilities in all marketplace listed cloud apps built by partners and developers.

  • This program is going public!

Atlassian-Built Apps Bug Bounty Program (formerly known as the Atlassian Ecosystem Program).

  • To discover and patch vulnerabilities in all marketplace listed apps built by Atlassian.

  • This program is going public!

Marketplace Security Bug Bounty Program.

  • To empower partners to host their own bug bounty programs that meet Atlassian’s requirements, listed here.


marc -Collabello--Phase Locked-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Sep 02, 2021

Hi @Jake Comito ,

Can you also post in the Atlassian Developer Community: ?  This would reach developers willing to make their bug bounty program public.

Like # people like this
Jake Comito
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
Sep 02, 2021

Hey @marc -Collabello--Phase Locked- ! Yes, I also posted there. Please see the link here. Thanks! 

Like Jodie Vlassis likes this


Log in or Sign up to comment
AUG Leaders

Atlassian Community Events