they expect vendors to design apps that avoid hitting these limits in the first place, even in a global pool
@PrinceNyeche Can you please share how you are planning to do this? How would you guard yourself against this scenario?
In addition, how are you going to prevent the scenario mentioned by @scott.dudley, where a single permissions check mandated by Atlassian security policy already consumes 1000 points?
Nobody disagrees with the statement that vendors should implement proper controls to avoid rate limiting issues, nor does anyone disagree that rate limiting is required. We all want Atlassian to operate a secure, reliable service.
But we have been consistently telling Atlassian that their current implementation is not an industry best practice, and that it has introduced a security issue as it creates a DDoS attack vector.
If you are saying that other vendors should level up (even considering the incredible amount of experience this community has), I urge you to bring receipts and show us how you believe it should be done.