September 9, 2020

Why we participate in Atlassian's Security program

Carlo Jessurun

Software developer

Maybe you’ve noticed the new label on Marketplace apps: “Cloud Security Participant”. The new vendor program of the Atlassian Marketplace has been active since July 2020. One thing that has changed is the option to participate in a Cloud Security program. We decided to participate in the Marketplace Security Bug Bounty Program and recently attended the Marketplace Bounty Blitz with 50 other app vendors. Continue reading for the details of the program and our motivation for participating in it.

What is the Marketplace Security Bug Bounty program?

A bug bounty program is a post-production tool to detect possible vulnerabilities in applications and services. Atlassian and Marketplace Partners (like us at Avisi Apps) collaborate on the continuous improvement of our Cloud Marketplace Apps by leveraging crowdsourced vulnerability discovery methods. The program is hosted on Bugcrowd, a platform specifically built to crowdsource vulnerabilities. Researchers test our add-ons to discover and report potential issues. Each report is picked up and assessed by the Bugcrowd team and passed to us if the vulnerability needs to be fixed.

Why do we participate?

Participating in the Marketplace Security Bug Bounty program helps us improve our security posture by letting skilled hackers and security researchers help us think outside the box.

The security of our Cloud apps will increase by participating, as external security researchers will check our apps on a regular basis.

What does it mean for you as a customer?

The Cloud Security Participant label is shown on all our Cloud marketplace entries. All our apps available on Cloud participate in the program, as shown in the image below. Furthermore, Numbered Headings, User Directory API and Edit Custom Field Values on Server and Data Center are about to participate in the Bug Bounty Program.

As a customer, you will not notice any changes. But one thing that you can be sure about is that our Cloud apps and a selection of our Server apps are tested for vulnerabilities. For more information about security at Avisi Apps, see our security policy: https://avisi-apps.gitbook.io/avisi-apps-legal-monday.com/privacy-security/security-policy.
