Vendor and app security guidelines

When you visit the Atlassian Trust site, you will see how we describe our core pillars of security, reliability, privacy, and compliance. We aim to be as transparent as possible by publishing details of our security practices, whether that’s information about our bug bounty, how we deal with security incidents, and more.

Many of you (vendors in the ecosystem) have been asking Atlassian to provide some best practices and guidelines around app security. Good news! We’ve recently published vendor and app security guidelines in the Marketplace docs:

https://developer.atlassian.com/platform/marketplace/vendor-security-guidelines/

The guidelines cover secure development for both server and cloud apps. You’ll also find many tips that will help you to improve the security posture of your company as a whole, such as securing your workstations, accounts, and infrastructure.

When installing Marketplace apps, many companies are concerned about the extra risk they are taking on by using a new application or vendor. These guidelines can help you prepare for some of the more stringent security and risk checks that some customers might have as a part of their procurement process. This is especially prevalent in organizations that have subscribed to a certification such as ISO 27001, as vendor risk reviews are a core principle of that certification.

Have any questions or suggestions on the security guidelines? Please post them here.

P.S. You’ll also notice that these security guidelines are part of a whole new section in the Marketplace docs, titled “Data Privacy and Security”, where there are a couple of other new guides, such as one on data privacy that I posted about a short while back.
