Note: The original article posted by Ethan Dodge can be found here.
In July 2017, Atlassian renewed our commitment to provide best-in-industry security and launched our Bug Bounty Program. By putting our trust in security researchers, we have experienced tremendous success, having rewarded nearly 400 vulnerabilities with over $400,000 in total. In fact, we were named “Program of the Year” in Bugcrowd’s Annual Buggy Awards in both 2018 and 2019.
We are grateful to all the responsible security researchers who have made our program so successful and our infrastructure more secure. We believe strongly that such researchers, through their participation in bounty programs, make the internet a much safer place for everyone.
At Atlassian, we are concerned that some researchers participating in other programs have found themselves threatened with legal action after acting in good faith. We are thrilled by and thankful for the research of Amit Elazari and her #legalbugbounty movement discouraging such behavior by prompting corporations to place “safe harbors” in their program rules and commit not to prosecute researchers acting in good faith.
Today, Atlassian is proud to announce our adoption of a safe harbor clause in our program rules. We hope with this action that researchers will find peace of mind and know they are trusted. So long as they are acting in good faith and following all other rules of our bounty program, they will never face any legal repercussions from Atlassian.
Atlassian will always remain committed to providing great security, and we hope this safe harbor clause will help advance that mission. We encourage other corporations to aid in the effort of making the web more secure and adopt similar measures.