You're on your way to the next level! Join the Kudos program to earn points and save your progress.
Level 1: Seed
25 / 150 points
1 badge earned
Challenges come and go, but your rewards stay with you. Do more to earn more!
What goes around comes around! Share the love by gifting kudos to your peers.
Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!
Join now to unlock these features and more
We maintain an always on bug bounty to identify and triage issues in our products and services. Many customers ask us for a copy of a recent ‘penetration reports’ or similar - basically a report from a third-party that shows that we are testing the security of our own products and services.
We believe our always-on bug bounty, with more than 1200+ security researchers (I think of them as an extension of our own team) provides better value than a couple of people for a week or two. We also recently published our thinking on the differences in penetration tests versus vulnerability assessments versus a bug bounty program on our Approach to Security Testing page on our external website.
Once a quarter, we publish a roll-up report from each of our Bug Bounty programs to give our customers a view on progress of the program and the vulnerabilities. For many customers, these reports can take the place of a penetration test report, and shows that we are actively managing and closing any security issues that are in our products or services.
If you have customers asking for a penetration test report, point them out to the Approach to Security Testing page, where (down at the bottom) we have published reports for Atlassian (including Jira, Confluence, Bitbucket and more), Statuspage, Trello and Opsgenie. We have also published the same links out to our Trust FAQ, where we have posted these reports in the past.