Atlassian offers up to US$3000 per bug in new bounty program

Atlassian offers up to US$3000 per bug in new bounty program

Partners up with Bugcrowd

Atlassian founders Mike Cannon-Brookes and Scott Farquhar

Atlassian founders Mike Cannon-Brookes and Scott Farquhar

Credit: Atlassian

Atlassian is set to offer security researchers up to US$3000 ($3906) per bug in its very first bug bounty program to be run through Bugcrowd.

Bugcrowd, a crowdsourced security testing firm, will tap into its community of nearly 60,000 cybersecurity researchers for continuous testing of Atlassian’s collaboration tools.

The testing will begin with Atlassian's JIRA and Confluence cloud products, with plans to expand the scope to additional Atlassian cloud and server products in the months to come.

Financial rewards with be dished out to security researchers for each bug identified, depending on the impact and severity of the vulnerabilities identified on its JIRA and Confluence platforms.

This news follows the integration of Bugcrowd's Crowdcontrol platform and JIRA to improve the application security workflow from start to finish, and the success of Atlassian’s private bug bounty program.

Atlassian expects the partnership with Bugcrowd to reinforce the security of the company's products and strengthen its vulnerability management program.

"The economics of bug bounties are too overwhelming to ignore," Atlassian head of security, Daniel Grzelak, said.

"Our traditional application security practice produces great results… but the breadth and depth of post-implementation assurance provided by the crowd completes the secure development lifecycle. Multiplying the specialisation of a single bounty hunter by the size of the crowd creates a capability that just can't be replicated by individual organisations."

Bugcrowd founder and CEO, Casey Ellis, mentioned that expanding its bug bounty program enables Atlassian to tap into the security researcher community to help keep its products and customers secure.

"Organisations worldwide trust the productivity of their teams to Atlassian," Ellis said.

“By demonstrating its security posture, Atlassian is not only instilling confidence in the security of its products, it’s upholding one of the company's core values: transparency, and demonstrating a position of true leadership when it comes to the security of their customers,” he added.

The launch of the bug bounty program follows the discovery of a vulnerability on a third-party library that affected Atlassian’s HipChat team chat platform.  

Atlassian’s chief security officer, Ganesh Krishan, sent an email to users on 25 April, revealing that the company’s security intelligence team had detected an incident affecting the platform, that may have resulted in unauthorised access to some user account information.

The company then prompted a mass password reset for the company’s services not long after.

Atlassian also recently launched a new package of offerings for the enterprise market for easier products and services bundling for partners and customers and automation enhancements to its code management and continuous integration platforms.

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags atlassianBug Bounty ProgramBugcrowd



How MSPs can capitalise on integrating AI into existing services

How MSPs can capitalise on integrating AI into existing services

​Given the pace of change, scale of digitalisation and evolution of generative AI, partners must get ahead of the trends to capture the best use of innovative AI solutions to develop new service opportunities. For MSPs, integrating AI capabilities into existing service portfolios can unlock enhancements in key areas including managed hosting, cloud computing and data centre management. This exclusive Reseller News roundtable in association with rhipe, a Crayon company and VMware, focused on how partners can integrate generative AI solutions into existing service offerings and unlocking new revenue streams.

How MSPs can capitalise on integrating AI into existing services
Access4 holds inaugural A/NZ Annual Conference

Access4 holds inaugural A/NZ Annual Conference

​Access4 held its inaugural Annual Conference in Port Douglass, Queensland, for Australia and New Zealand from 9-11 October, hosting partners from across the region with presentations on Access4 product updates, its 2023 Partner of the Year awards and more.

Access4 holds inaugural A/NZ Annual Conference
Show Comments