Trust & Security

We've been busy as a team working through support efforts for instances affected by recent exploits arising from Confluence vulnerabilities published at: https://confluence.atlassian.com/doc/conflu...

Brian Hill started a discussion 3 4 April 17, 2019

We maintain an always-on bug bounty to identify and triage security issues in our products and services. Many customers ask us for ‘penetration reports’ or similar - basically a report from a third-p...

Bill Marriott started a discussion 2 0 April 2, 2019

Hey all, I have a question relating to the side-effects of the mitigation of this Confluence CVE. Specifically, the inability to see thumbnails of attached files after disabling the 'webDAV' pl...

Deleted user 0 6 April 2, 2019

Not too long ago, @Bill Marriott shared some tips for keeping your Atlassian cloud products secure. How do you manage users and maintain security for your Atlassian products? What are som...

lauren started a discussion 2 9 April 1, 2019

Hello! Checking in from the product security team.  Most of the time I'll be heads down in our infrastructure or code base, trying to systemically prevent or mitigate security issues. Lately I'...

uǝq started a discussion 4 1 March 28, 2019

Hi everyone! I'm Bill Marriott and I run the Trust & Security Program here at Atlassian. I’ve been publishing and answering questions about our overall Trust Program through the Atlassian ...

Bill Marriott started a discussion 9 2 March 19, 2019

Hi Atlassian community, I live in Europe and hence my usage of Jira (JSD) needs to be GDPR comliant. According to GDPR you should not send personal information via email (because it is not encrypte...

Sara Hallberg started a discussion 0 4 March 6, 2019

So, as a FDA regulated company we have to validate off-the-shelf software that we use, with some exceptions. We recently went through an audit and is was brought up that the validation of Jira (writt...

Mikael Sandberg asked a question 2 5 February 22, 2019

This is the second instalment on how Atlassian manages our risks and compliance obligations using Jira.   In Part 1 we created the issue types and the custom fields - now we need to create...

Guy published an article 40 40 September 24, 2018

Who am I? My name is Guy Herbert and I am part of the Risk and Compliance team at Atlassian.  I have been with Atlassian for about 5 years and have worked in Risk and Compliance for over 25 yea...

Guy published an article 47 13 September 24, 2018

This item make little to no sense to me. If it is a public forum/free application then that can make sense but in a corporate environment it makes no sense as there has to be abilities to have r...

Johan Lindgren started a discussion 0 3 June 19, 2018

With the new single sign on through my.atlassian for all cloud accounts we have run into an issue because we have two separate cloud accounts for two parts of our business. Because the feature set, ...

William Wynn started a discussion 54 31 May 5, 2017

Chromebleed is telling me our ondemand site is vulnerable to HeartBleed issue. When is this going to get fixed?

Rafael E. Santos asked a question 2 1 April 9, 2014