@amardesich - besides the shameless attempt to push Forge yet again, there wasn’t anything in particular that jumped out at me.
My personal experience is more like that of @dmitry.astapkovich - where we have to educate customers on security. In the past 4 years, we have received maybe 5 inquiries about security that were initiated by a customer. So, not saying your research is bogus, but I simply don’t have the same experience that your research indicates. Similarly, I work with a large marketplace vendor (top 20), and while they see more security-related inquiries, the numbers are still really, really low.
In terms of things you should be actioning but aren’t… well, that list is longer than you’d like, and let’s be blunt, Atlassian doesn’t really care. CDAC is littered with threads where the community is asking for things to make everyone’s life easier, to no avail.
As a great (recent) example, just take a look at the recent thread about Data Center Approval changes, where Atlassian basically told us we now have to do more work in the name of security, but refused to share any of the tooling they already have, instead telling us we’re out of luck, and everyone needs to reinvent the wheel. I don’t quite know how I should reconcile that with this thread.
Thus, me asking what Atlassian is changing… that was more a curiosity to see if this is simply a fluff piece, or if there is actually tangible change that happens as a result of this research, and that I, as a Vendor/Developer, can subscribe to and keep track of.