Frequently we are asked questions about how we manage vulnerabilities in our products as well as in our platform. We do maintain standard processes for what we do when we discover a vulnerability in one of our products, largely dependent on the severity of the vulnerability itself.
We also commonly are asked which tools, if any, do we rely on to help us identify vulnerabilities.
We have published a new page on how we handle vulnerability management at Atlassian. You can consider this an addition to our previous publish specifically looking at how we think about any and all external testing.
Would love you hear any feedback on either of these pages.
Cheers.
-Bill Marriott
Atlassian Trust & Security