Bug Bounty Program

A secure marketplace

To build more trust in its apps ecosystem, Atlassian runs an ongoing bounty program in which security researchers, engaged through Bugcrowd, are rewarded for discovering vulnerabilities in Marketplace apps.

Always on non-traditional testing

A traditional app penetration test typically involves a couple of testers and is run at most once or twice a year. A bug bounty is both broader and continuous: the app stays in scope all the time and is exposed to the scrutiny of a pool of at least 1,000 researchers.

Atlassian-compliant

beecom has submitted JSU Automation Suite for Jira Workflows to the Bug Bounty Program to meet Atlassian's quality standards and to ensure that JSU is continuously tested and promptly patched when new vulnerabilities are found.


The first phase, covering JSU Server, ran on March 12, 2020. Two classes of vulnerability were reported, both rated minor: cross-site scripting (XSS) and cross-site request forgery (CSRF).

To address the XSS finding, we added proper input validation and sanitize all configuration input fields, so that JavaScript entered into a field (for example by an admin user) is not executed in other users' browsers.

To address the CSRF finding, configuration updates now require a CSRF token that is newly generated for each request and validated on submission. A forged cross-site request therefore cannot silently change a configuration field such as the Google Maps API key.

As soon as the team was made aware of these two vulnerabilities, we fixed them and released a new version within two days. (See the 2.21.1 release notes under Security improvements.)
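The two mitigations described above, shown side by side as an added example. This is illustrative code written for this page, not JSU's own implementation (JSU is a Java app for Jira Server; the pattern is shown in Python for brevity). The session store, the `mapsKey` field name, the assumed key format and the handler names are assumptions made for the example. It also shows the two caveats a practitioner would add: input sanitization is one layer, but the robust XSS defence is escaping the value for the context in which it is rendered (here an HTML attribute), and a per-request token must be consumed on use so it cannot be replayed.

```python
import hmac
import html
import secrets
from typing import Dict, Optional, Tuple

# In-memory stand-in for the server-side session store (assumption for this example).
_sessions: Dict[str, Dict[str, str]] = {}

# The configuration being protected; "mapsKey" is an assumed field name.
config: Dict[str, str] = {"mapsKey": ""}


def issue_csrf_token(session_id: str) -> str:
    """Mint a fresh, unguessable token when the config form is rendered.
    Any earlier token for the session is discarded: one token per request."""
    token = secrets.token_urlsafe(32)
    _sessions.setdefault(session_id, {})["csrf"] = token
    return token


def validate_csrf_token(session_id: str, submitted: Optional[str]) -> bool:
    """Compare in constant time against the token issued to this session and
    consume it, so a replayed or forged request cannot reuse it."""
    expected = _sessions.get(session_id, {}).pop("csrf", None)
    if expected is None or submitted is None:
        return False
    return hmac.compare_digest(expected, submitted)


def is_plausible_maps_key(value: str) -> bool:
    """Input validation as a second layer: a Maps API key is assumed here to be a
    short token of URL-safe characters, never markup."""
    return 0 < len(value) <= 64 and all(c.isalnum() or c in "-_" for c in value)


def render_config_vulnerable(maps_key: str) -> str:
    """The 'before' pattern: the stored value is interpolated into HTML unescaped,
    so a value like '"><script>...' breaks out of the attribute."""
    return f'<input name="mapsKey" value="{maps_key}">'


def render_config_hardened(maps_key: str) -> str:
    """Escape at output time for the HTML attribute context; quote=True also
    encodes " and ' so the value cannot terminate the attribute."""
    return f'<input name="mapsKey" value="{html.escape(maps_key, quote=True)}">'


def handle_config_update(session_id: str, form: Dict[str, str]) -> Tuple[int, str]:
    """Config save handler: reject the request before touching state unless the
    per-request CSRF token is valid and the submitted value passes validation."""
    if not validate_csrf_token(session_id, form.get("csrf")):
        return 403, "CSRF token missing, stale or invalid"
    value = form.get("mapsKey", "")
    if not is_plausible_maps_key(value):
        return 400, "mapsKey rejected by input validation"
    config["mapsKey"] = value
    return 200, "updated"


if __name__ == "__main__":
    # Constructed sample inputs for a quick walk-through.
    payload = '"><script>alert(1)</script>'
    print(render_config_vulnerable(payload))   # script tag lands in the page
    print(render_config_hardened(payload))     # rendered inert as text

    print(handle_config_update("admin-session", {"mapsKey": "AIzaExampleKey123", "csrf": "guess"}))
    token = issue_csrf_token("admin-session")
    print(handle_config_update("admin-session", {"mapsKey": "AIzaExampleKey123", "csrf": token}))
    print(handle_config_update("admin-session", {"mapsKey": "AIzaExampleKey123", "csrf": token}))  # replay
```

Note that a strictly per-request token, as the fix above describes, means a form that was opened in a second tab and submitted after another request has consumed the token will be rejected with 403; that is the intended trade-off, and the user simply reloads the form.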


The JSU team treats your security as a high priority. If you have any questions, feel free to reach out to us via the Service Desk.

„Rest assured, the beecom team will always be on top of newly-discovered bugs to deliver you a safe and secure JSU app.“

Stefan Forstmoser, Head of Products, beecom ag