Security at Atlassian

Security is a top priority.


Security practices

We follow extensive practices to track and protect your information through a comprehensive controls framework. Learn why thousands of customers trust us to protect their most valuable data.

Compliance certifications

Learn more

PCI DSS Compliant
Cloud Security Alliance
Information Security Management System Certified

Strong data encryption

Our Cloud services data is encrypted using Transport Layer Security (TLS) with Perfect Forward Secrecy (PFS). Atlassian's implementation of TLS uses strong ciphers and key-lengths by default.

Rigorous security testing

Our security testing program includes threat-modeling, manual code review, automated scanning, and third-party assessments. Our bug bounty program is the cornerstone of security testing for each and every Atlassian product.

Breach detection and monitoring

We have a security monitoring team dedicated to detecting signs of a data breach. Our security practices are constantly evolving in order to address new types of security threats and further strengthen our detection capabilities.

Whitepaper: Why security is a shared responsibility

When it comes to keeping your data secure, we're both on the same team. Read what you can do to help.

Frequently asked questions

Is our data encrypted? How are passwords stored? Find answers to our top security questions.

Atlassian Bug Bounty

We've partnered with Bugcrowd to add an additional layer of security to our products by rewarding unique vulnerability research. If you've found a vulnerability, disclose the issue to our security team through our bug bounty program.

Security news and advisories

We issue advisories when security bugs are discovered so that you can take action. Learn more about when we publish security advisories and how we determine severity levels.

Keep your server secure

Learn how to configure security options on your own server.

Latest security news

7 non-negotiable security practices for any cloud product

Implementing security best practices for your cloud products might feel like you’re playing a game of chess against a chess grandmaster. You think you need to know the most complex strategies and plan ten moves in advance, but in reality, you’re playing against a 3rd-grade checkers player.

While sophisticated security attacks do happen, it’s more likely that someone will break into your system using a simple phishing attack or they will crack one easy password and then figure out that people in your organization are using the same passwords over and over.

Behind the scenes of our security incident management process

On the security team, we don’t manage any Atlassian products like other Atlassian teams do. Our main product is trust, and that’s a job that’s never finished.

We’ve published detailed information about how our team responds to security incidents in the Trust section of the website.

Atlassian urges changes to Australia’s Assistance and Access Act

Atlassian, in partnership with advocacy group StartupAUS and other Australian technology companies, has formally submitted a set of recommended improvements to the Telecommunication and Other Legislation Amendment (Assistance and Access) Act 2018, a law that was hastily approved by the Australian government in December 2018.

Atlassian Bug Bash

We invited the world’s best white hat hackers to come to Sydney to help Atlassian break our products.

Atlassian Products & Services and CVE-2018-11235 & CVE-2018-11233

We are aware of several security issues that were recently fixed in Git. 

Security questions?

We’re here and ready to answer all of your questions about Atlassian Security.