Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Celebration

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root

Avatar

1 badge earned

Collect

Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!

Challenges
Coins

Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.

Recognition
Ribbon

Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!

Leaderboard

Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,460,447
Community Members
 
Community Events
176
Community Groups

Updated Bug Bounty Reports

Edited

We maintain an always-on bug bounty to identify and triage security issues in our products and services. Many customers ask us for ‘penetration reports’ or similar - basically a report from a third-party that shows that we are testing the security of our own products.

Our position is, an always-on bug bounty, with more than 750+ security practitioners (I think of those researchers as an extension of our own team) provides better value than a couple of people for a week or two for a penetration test. If you missed our original announcement, go back and have a read.

We also recently published our thinking on our Approach to Security Testing page on our external website.

Once a quarter, our Security Team publish a roll-up report from our Bug Bounty program to give our customers a view on progress of the program and the vulnerabilities. For many customers, these reports can take the place of a penetration test report, and shows that we are actively managing and closing any security issues that we are aware of in our products and services.

If you want to review the reports, head out to the Approach to Security Testing page, where (down at the bottom) we have published reports for Atlassian (including Jira, Confluence, Bitbucket and more), Statuspage, Trello and Opsgenie for 1-Jan to 31-March. We have also published the same links out to our Security FAQ, where we have posted these reports in the past.

If you have any questions, reach out to our Support Team.

Cheers.

-Bill Marriott

Atlassian Trust & Security

0 comments

Comment

Log in or Sign up to comment
TAGS

Atlassian Community Events