Request for Update on RFC-124: Evolving the Marketplace Trust Program

Hi @PhilipGrove,

Can you please provide an update on RFC-124, and more specifically with regard to the timelines of CFA and CSP badge retirement?

Cheers,

Remie

5 Likes

Hey @remie, my apologies for the delay in responding; I have been out of the office for the past couple of weeks. Thanks for following up on RFC-124; your timing is perfect! I am in the process of finalising a follow-up RFC outlining the updates we are making to the new trust program based on partner feedback and detailing how we plan to validate/verify each requirement. I will be looking for partner feedback on these validation/verification steps.

I hope to have this follow-up RFC published very soon.

> more specifically with regard to the timelines of CFA and CSP badge retirement?

The Cloud Security Participant (CSP) badge was retired at the end of March (changelog announcement).

We don’t have a definitive date for the retirement of CFA as yet, but it won’t suddenly go away when we launch the new trust program. We expect the two programs to co-exist for a period of time while partners with eligible apps move from one to the other.

I will be presenting a session on Marketplace trust (with more information on timelines etc.) at Partner Accelerate in May if you will be attending.

Cheers, Phil.

1 Like

Wouldn’t it have been more appropriate to retire the CSP badge when the new trust program is ready?

We previously relied on the CSP badge to stand out in a crowded marketplace segment where we have lots of competing apps.

That differentiator disappeared on 1 April and now you’re saying there’s another RFC to finalise the details of the trust program?

Atlassian does realise that there are people’s businesses and livelihoods behind some of these decisions? At times it really seems like they don’t.

3 Likes

$5k/app/yr pentesting requirement from an approved vendor list is a bizarre decision. I get that it’s not the intent but it’s indistinguishable from a cash-for-badge scheme.

Those vendors are obviously going to use AI to do automated pentesting while Atlassian continues to declare that the models are not good enough for the task.

I think it's pretty clear that whatever this program will be, there needs to be a Trust Program between Atlassian and the ecosystem vendors very soon.