Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Next challenges

Recent achievements

  • Global
  • Personal

Recognition

  • Give kudos
  • Received
  • Given

Leaderboard

  • Global

Trophy case

Kudos (beta program)

Kudos logo

You've been invited into the Kudos (beta program) private group. Chat with others in the program, or give feedback to Atlassian.

View group
Highlighted

Jira Release Documents

Team,

We have given our Jira Cloud access to clients to track tickets in Jira. As per their CyberSecurity policy and release management policy, client wants to register it as new release and asking us to share relevant release documents for Jira.

Also, their Security team need to perform Pentration testing and code/Architecture review. Can you help with Jira release documents if any.

1 comment

Hi Rajeev

Atlassian does produce a blog and announcements of changes to Jira Cloud but these aren't in the form of release notes due to the frequency of releases.

It's always best to get permission from a vendor before a pen test and you might want to point your client's security team to Atlassian's bug bounty program and its scope to decide if they want to Pen test and its valid boundaries. 

All the publicly available security documents are published by Atlassian here https://www.atlassian.com/trust/security

To be honest, I don't really know why they would want to do a code/architecture review on a Cloud system, it's not standard within the industry. Most security teams require CAIQ and possible ISO 27001 or SOC 2 reports/certifactions. All theses are published in the link above

Like # people like this

Hi @Rajeev Scaria - 

We now allow customers to perform their own vulnerability scans or penetration tests of our infrastructure or applications. You are welcome to review the results of our Bug Bounty program at our Security Practices page : https://www.atlassian.com/trust/security/security-practices#bug-bounty
See our announcement allowing security assessments of our cloud products : https://community.atlassian.com/t5/Trust-Security/Security-Assessments-for-Atlassian-Cloud-Products/gpm-p/1285129
Review rules for our Security Assessment program : https://www.atlassian.com/trust/security/penetration-testing

As for Jira Cloud Release Notes, see : https://community.atlassian.com/t5/Jira-Software-questions/Release-notes-in-Jira-Cloud/qaq-p/653264 

Like # people like this

Thank you Alan and Bill for your valuable comments.

Comment

Log in or Sign up to comment
TAGS