Atlassian Blog

Why we’re letting 60,000 Bugcrowd security researchers ethically hack us

At Atlassian, security is baked into the product development lifecycle. We employ an entire team of security engineers who build threat models, review code, and test our systems. Building and maintaining products that keep our customers safe is a team effort.

Our first public bug bounty program run through Bugcrowd

Today, we’re launching Atlassian’s first bug bounty program. We’re adding Jira and Confluence Cloud to the existing programs for Trello and Statuspage, and will soon expand to additional cloud as well as self-hosted products in the months to come. Our new public bounty program will eventually replace the private disclosure program the Atlassian Security Team has been running for a few years through our Jira Service Desk. The original program has grown significantly since it started, and with the added complexity of managing over 14 product lines, we decided it was time to turn to an expert, Bugcrowd, to help supercharge our program.

With Bugcrowd, provider of crowd-sourced security testing, Atlassian’s security team adds nearly 60,000 external cybersecurity researchers. This highly capable community is constantly testing our products, using well-defined guidelines and a safe testing ground to perform their research. Their results are shared through a standardized reporting mechanism, and Bugcrowd’s application security engineering team handles the initial triaging and vulnerability validation.

For more information about our bug bounty program and to see the scope of the program, please click big green button!

Check out the bug bounty program

Security @ Atlassian

We believe transparency is core to building trust between Atlassian and our customers. Today’s launch of a public bug bounty program is part of our ongoing effort to build awareness and knowledge around cybersecurity and safe practices. Here are a few additional resources to check-out from the Atlassian Security Team: