Our Security Philosophy

Introduction

We have been receiving a significant number of security questionaires from our users.
We thought it will be good to share our thoughts and actions taken publicly.

Security should not be compromised

Security is a continuous race rather than a one-time effort.
Prevention is better than cure. It takes more effort to fix security issues than to prevent them.

• We have been integrating reasonable security practices in our design and development process

• We have periodic security awareness reminders to our team because they are the best enforcement agents

• We are participating in the Atlassian Marketplace Security Bug Bounty Program

• We are working to add our Cloud apps to the Atlassian Cloud Fortified Apps Program gradually

• We have answered the questions in the Privacy & Security tab in the marketplace listing

• Atlassian is also performing Security Scanning to identify security issues to be fixed in a timely manner

  • Ecoscanner

  • Malware Scanner

  • Vulnerability Disclosure Program

  • Marketplace Security Bug Bounty Program

  • Security Scanner for Data Center apps

Privacy is our priority

We value everyone’s privacy just like our privacy

• We do not put customer logos on our website

  • We believe we can get credibility with over 9000+ installs for 35 apps in Atlassian Marketplace

  • We have been an Atlassian Partner since 2008

• We do not post photos of our employees on our social media

  • An example is we are using avatars in Our Engineering Team on our website

Security by Simplicity

Security is a heavy responsibility and user data is a big liability.
Even big companies with huge investments in security are being challenged from time to time.
Since we want to be agile and focused on building useful software, we defined boundary markers for ourselves to keep things simple.

• We try to keep our processes simple instead of having tons of lengthy policies that is difficult to regulate

• We avoid liabilities and risks that is unnecessary and whenever possible

• We do not have user analytics in our apps (both for Cloud and Data Center apps)

• We do not build apps that process or store user data at our end

  • That is a key reason why some of our DC apps do not have a Cloud edition

  • Our Forge apps do not have data egress except for Tissue for Jira Cloud