RFC-124: Evolving the Marketplace Trust Program

I welcome the change to the Cloud Fortified and Cloud Security Participant programs!

But I do have some questions:

Why only these companies, and no support for AI-driven pen tests?
I’m a user of the Aikido Security platform, which can also perform pen tests using AI.
If AI-driven pen tests were allowed, this would make the A4A program inclusive to more partners.

How do you envision this being verified? Is Atlassian going to believe the “checkbox-checker” on the colour of his/her eyes? Will Atlassian engineers need access to app source to verify this? Or will the Developer Console metrics be used for this?

Same as above, how is Atlassian going to verify this?

How does this impact the use of current Forge packages that use deprecated packages?

What is the difference between "1.5 All data at rest must be encrypted" and "1.9 Any Atlassian end user data stored outside the Atlassian product or users’ browsers must use full disk encryption at rest"?

If 1.5 relates to the app vendor infrastructure and 1.9 relates to the user’s system, then how can an app vendor ensure full disk encryption?

The biggest question is: How is Atlassian going to verify all the requirements?

Looks very ambitious to me. With all the other changes coming to partners in Q1 of 2026, this looks to be a hard one to include in that timeframe.

Yes, but cost is a big factor for us.

I was looking to onboard pen testing from Aikido Security, which is AI-driven, but seeing it’s excluded here makes me wonder if that is the right path.

3 Likes