Reading Time: 5 min

Like you, the Atlassian Marketplace has an understandable obsession with security in the cloud. Their Marketplace security programs and tools hold Marketplace apps to the highest security standards. Why? Because customers and developers need the highest compliance and security requirements. Especially when migrating and living in the cloud. Here’s what you need to know about cloud security for Atlassian apps in general.

And for draw.io in particular.

Cloud Fortified

The Atlassian Marketplace Self-Assessment Program ensures enterprise-class security practices for cloud apps. Participants in the Self-Assessment Program complete an annual security assessment. That assessment is reviewed and approved by Atlassian. Only successful participants in this program get a Cloud Fortified badge.

The Cloud Fortified Program is designed to suit the high demands of enterprise customers. But security like that doesn’t only benefit the big guys. Smaller outfits all the way down to startups can also benefit. They can all get the same peace of mind that draw.io is the only secure diagramming application to meet Atlassian’s new Cloud Fortified security standard.

Bug Busters

Atlassian’s Marketplace Security Bug Bounty Program is a powerful security tool. It helps detect vulnerabilities in services and applications. It lets participating Marketplace Partners strike down security risks before they arise. How? It incentivizes security researchers to hunt down vulnerabilities. The Bug Bounty Program exists to improve the security of Atlassian Marketplace apps. And it works by using crowdsourced vulnerability discovery methods.

We have a zero-tolerance policy when it comes to bugs. So draw.io is (of course) a proud participant in the Bug Bounty Program. If bugs ever come up, our average in getting rid of them is only 1.23 days.

Additional Atlassian security programs

Atlassian’s Vulnerability Disclosure Program gives customers and security researchers a way to inform Atlassian and Marketplace Partners about cloud app vulnerabilities.

The Atlassian Ecosystem security team runs the VDP program. The Bugcrowd platform hosts it. When a customer or security researcher discovers an app vulnerability, they report it through VDP. The Bugcrowd Application Security Engineering (ASE) team then reviews it. They pass on any confirmed reports to Atlassian. And they review and forward them to the respective partner.

But Atlassian doesn’t just wait for others find vulnerabilities. Their Ecoscanner platform performs ongoing security checks on all Marketplace cloud apps. Atlassian’s Ecoscanner ensures the security of their ecosystem. How? By continuously looking for common security vulnerabilities.

But you need to know that any bugs will be taken care of now, not later. That’s why Atlassian requires all Marketplace Partners to follow specific security bug fix SLAs. That’s for any app listed on the Atlassian Marketplace. If any of the above measures detect a vulnerability, partners must address it in a timely manner:

draw.io security

We invest a lot of effort to go along with the Atlassian standards on security, but we even go further.

Of course, your diagram data is stored in Confluence Cloud only. Some features (e. g. exporting a PDF file) are not natively supported by your browser, so an additional server is needed. We enable you to define the server endpoints yourself (for details, see our draw.io’s Data Governance post).

Of course you may not want any data transmission aside from the communication between your browser and Confluence Cloud. If so, you can use the lockdown option to disable all features requiring additional endpoints. (More on that in the above-mentioned post as well).

For more information on how we do security, check out this post on draw.io Security in Atlassian Cloud.

And if you want to know more about draw.io in general, visit our YouTube Channel for a constantly updated playlist of how-to videos. Visit our one-stop tutorial shop to pick up all the ins and outs of draw.io diagramming. Or book a free demo to learn more about the limitless ways in which draw.io can make life easier and more productive for you and everyone in (and outside) your company!