Earn badges and make progress
You're on your way to the next level! Join the Kudos program to earn points and save your progress.
Level 1: Seed
25 / 150 points
Next: Root
1 badge earned
Participate in fun challenges
Challenges come and go, but your rewards stay with you. Do more to earn more!
Gift kudos to your peers
What goes around comes around! Share the love by gifting kudos to your peers.
Rise up in the ranks
Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!
Come for the products,
stay for the community
The Atlassian Community can help you and your team get more value out of Atlassian products and practices.
Updates to Atlassian's Ecosystem Security Bug Bounty Programs
Hiya everyone! I’m Jake. I'm a new Product Manager on the Ecosystem Security team located in Jersey City, New Jersey
. In my role, I will focus on all of Ecosystem’s Security Programs, and building relationships with our partners. I’m dedicating my first post to an exciting announcement for one of these programs, which you can read below!
Starting today, September 1, 2021, Atlassian is taking two of its Bug Bounty Programs public! The Atlassian Marketplace Vulnerability Disclosure Program and the Atlassian Ecosystem Program will now accept submissions from all Bugcrowd researchers, as opposed to a limited set of invitees. Additionally, we are changing the name of the Atlassian Ecosystem Program to ‘Atlassian-Built Apps Bug Bounty Program,’ in order to further clarify the scope of this program in its title.
The initial success of this program has made a big impact; over the past year, Atlassian and our partners have patched over 140 vulnerabilities discovered through both programs, and Atlassian has paid nearly $40,000 in rewards through the Atlassian-Built Apps Bug Bounty Program. Accepting more researchers to these programs is a critical step forward in marketplace security, and a clear indicator of the continued success of bug bounties.
Overall, this move expands the presence of these programs, deepens our efforts to identify and address vulnerabilities, and reflects our commitment to the security of our marketplace, our apps, and our partners' apps.
Additionally, the Marketplace Security Bug Bounty Program continues with momentum. As of today, there are 134 total Marketplace Programs, a few which are public, as well. These programs compliment our efforts to leverage bug bounties as a tool for securing the marketplace by empowering partners to create programs themselves. As a reminder, Atlassian rewards partners who host their own bug bounties by giving them the Cloud Security Participant Badge in the Atlassian Marketplace. If you are a partner interested in taking your own program public, please submit this form - we highly recommend it!
As a refresher, I’ve summarized the goal and scope of the three aforementioned bug bounties below:
Atlassian Marketplace Vulnerability Disclosure Program (VDP).
-
To discover and patch vulnerabilities in all marketplace listed cloud apps built by partners and developers.
-
This program is going public!
Atlassian-Built Apps Bug Bounty Program (formerly known as the Atlassian Ecosystem Program).
-
To discover and patch vulnerabilities in all marketplace listed apps built by Atlassian.
-
This program is going public!
Marketplace Security Bug Bounty Program.
-
To empower partners to host their own bug bounty programs that meet Atlassian’s requirements, listed here.
Was this helpful?
Thanks!
Jake Comito
2 comments