Like you, the Atlassian Marketplace has an understandable obsession with security in the cloud. Their Marketplace security programs and tools hold Marketplace apps to the highest security standards. Why? Because customers and developers need the highest compliance and security requirements. Especially when migrating and living in the cloud. Here’s what you need to know about cloud security for Atlassian apps in general.
And for draw.io in particular.
The Atlassian Marketplace Self-Assessment Program ensures enterprise-class security practices for cloud apps. Participants in the Self-Assessment Program complete an annual security assessment. That assessment is reviewed and approved by Atlassian. Only successful participants in this program get a Cloud Fortified badge.
The Cloud Fortified Program is designed to suit the high demands of enterprise customers. But security like that doesn’t only benefit the big guys. Smaller outfits all the way down to startups can also benefit. They can all get the same peace of mind that draw.io is the only secure diagramming application to meet Atlassian’s new Cloud Fortified security standard.
Atlassian’s Marketplace Security Bug Bounty Program is a powerful security tool. It helps detect vulnerabilities in services and applications. It lets participating Marketplace Partners strike down security risks before they arise. How? It incentivizes security researchers to hunt down vulnerabilities. The Bug Bounty Program exists to improve the security of Atlassian Marketplace apps. And it works by using crowdsourced vulnerability discovery methods.
We have a zero-tolerance policy when it comes to bugs. So draw.io is (of course) a proud participant in the Bug Bounty Program. If bugs ever come up, our average time to get rid of them is only 1.23 days.
Additional Atlassian security programs
Atlassian’s Vulnerability Disclosure Program gives customers and security researchers a way to inform Atlassian and Marketplace Partners about cloud app vulnerabilities.
The Atlassian Ecosystem security team runs the VDP program. The Bugcrowd platform hosts it. When a customer or security researcher discovers an app vulnerability, they report it through VDP. The Bugcrowd Application Security Engineering (ASE) team then reviews it. They pass on any confirmed reports to Atlassian. And they review and forward them to the respective partner.
But Atlassian doesn’t just wait for others to find vulnerabilities. Their Ecoscanner platform performs ongoing security checks on all Marketplace cloud apps. Atlassian’s Ecoscanner ensures the security of their ecosystem. How? By continuously looking for common security vulnerabilities.
But you need to know that any bugs will be taken care of now, not later. That’s why Atlassian requires all Marketplace Partners to follow specific security bug fix SLAs. That’s for any app listed on the Atlassian Marketplace. If any of the above measures detect a vulnerability, partners must address it in a timely manner: