
Seeking Insights: Navigating the Bugcrowd Bug Bounty Program as a Cloud App Developer

DPK March 9, 2024

Hello everyone,

I recently launched a Jira Cloud application that's started to gain traction. However, for wider adoption, it needs to be cloud certified, prompting us to join Bugcrowd's bug bounty program. This entails a significant investment of $5k for rewards across various issue priorities. The thought of having over 100 researchers scrutinizing the app is daunting, yet I'm optimistic about not encountering severe vulnerabilities (P1-P3)... maybe I am naive. I'm interested in hearing about others' experiences with this program. How did it impact your app's security and market trust? This initiative is crucial yet challenging for our small startup. The worst-case scenario would be multiple P1-P3 issues raised in the first days after the bug bounty goes live, but I think that is unlikely, considering cloud-based apps are also internally scanned by Atlassian?

Any shared experiences or advice would be greatly appreciated.

2 answers

2 accepted
2 votes
Answer accepted
Thorsten Letschert _Decadis AG_
Marketplace Partner
March 11, 2024

Hey,

Welcome to the club.

I'd definitely support engaging in this program for several reasons:

Although I do not know what your app is about, I'd recommend re-checking on proper authentication and remediation of everything related to user inputs and XSS to have a smooth start.

Cheers,
Thorsten

2 votes
Answer accepted
Joseph Chung Yin
Community Leader
March 9, 2024

@DPK -

Although we are just customers of Atlassian using Jira/JSM products and not application development vendors, third-party vendors' participation in the Bug Bounty program with Atlassian is one thing that we will always look for. If a third-party vendor is not a participant in the program, then we will not even consider their add-ons at all.

Take a look at the following Atlassian reference links on this program -

https://developer.atlassian.com/platform/marketplace/marketplace-security-bug-bounty-program/

https://www.atlassian.com/trust/security/report-a-vulnerability

https://community.atlassian.com/t5/Trust-Security-articles/Bug-Bounty-July-2023-Update/ba-p/2415834

Again, this is an important participation in our opinion.

Best, Joseph
