Security at Atlassian

Security is a top priority.

 

Security practices

We follow extensive practices to track and protect your information through a comprehensive controls framework. Learn why thousands of customers trust us to protect their most valuable data.

Compliance certifications

Learn more

SOC2
PCI DSS Compliant
Cloud Security Alliance
Information Security Management System Certified

Strong data encryption

Our Cloud services data is encrypted using Transport Layer Security (TLS) with Perfect Forward Secrecy (PFS). Atlassian's implementation of TLS uses strong ciphers and key-lengths by default.


Rigorous security testing

Our security testing program includes threat-modeling, manual code review, automated scanning, and third-party assessments. Our bug bounty program is the cornerstone of security testing for each and every Atlassian product.


Breach detection and monitoring

We have a security monitoring team dedicated to detecting signs of a data breach. Our security practices are constantly evolving in order to address new types of security threats and further strengthen our detection capabilities.

Whitepaper: Why security is a shared responsibility

When it comes to keeping your data secure, we're both on the same team. Read what you can do to help.


Frequently asked questions

Is our data encrypted? How are passwords stored? Find answers to our top security questions.

Atlassian Bug Bounty

We've partnered with Bugcrowd to add an additional layer of security to our products by rewarding unique vulnerability research. If you've found a vulnerability, disclose the issue to our security team through our bug bounty program.

Security news and advisories

We issue advisories when security bugs are discovered so that you can take action. Learn more about when we publish security advisories and how we determine severity levels.

Keep your server secure

Learn how to configure security options on your own server.


Latest security news

Atlassian Products & Services and CVE-2018-11235 & CVE-2018-11233

We are aware of several security issues that were recently fixed in Git. 

Update on Meltdown and Spectre Processor Vulnerabilities

In the first week of January 2018, a number of computer chip manufacturers confirmed critical vulnerabilities in their processors. Under certain circumstances, these vulnerabilities can allow an attacker to steal sensitive information, bypass security restrictions, and gain elevated privileges to client and server software.

Breach Detection at Scale with PROJECT SPACECRAB

We’ve released PROJECT SPACECRAB, an open source toolset that tips the balance in the right direction by enabling deployments of several thousand AWS honey tokens across your network and on every endpoint you own.

Hipchat Security Notice

Our security intelligence team detected a security incident affecting a server in the Hipchat Cloud web tier. The incident involved a vulnerability in a popular third-party library used by Hipchat.com. We have found no evidence of other Atlassian systems or products being affected.


Security questions?

We’re here and ready to answer all of your questions about Atlassian Security.