Hi there
I recently asked my company security team for permission to install "Who's Looking" and "My Reminders for Jira" which are both for Jira Cloud and both are by Atlassian Labs.
https://marketplace.atlassian.com/apps/1211596/whos-looking-for-jira-cloud
https://marketplace.atlassian.com/apps/1212778/my-reminders-for-jira?hosting=cloud&tab=overview
My request was not approved by our security team because the apps do not have formal support from the vendor.
The below forum post explains what Unsupported means but I don't understand why Atlassian Labs don't support their own apps.
https://community.atlassian.com/t5/Marketplace-Apps-Integrations/Unsupported-App/qaq-p/1268364
Are there plans to make Who's Looking and My Reminders for Jira apps supported, as they look really useful?
Alternatively, can anyone help convince my security team that unsupported Atlassian Labs apps are secure and pose minimal risk to my organisation, well at least no more risk than Jira itself?
Thanks
Mark
Hi Mark,
I should start by saying that I don't work for Atlassian and these are my views.
It's unlikely that current Atlassian Labs apps will move to be supported. Often these products are the output of Atlassian's ShipIt days. Teams will get together to build something quickly to solve one small problem. In some cases, they're good enough to ship, as you've seen with the two apps you've listed. Supporting apps long term takes time, effort and resources, something that Atlassian have not yet deemed important for some things. As apps move to different platforms (apps will be moving to Atlassian Forge, for reasons of security, data sovereignty among others), refactoring and migrating will consume resources on their otherwise full roadmaps. For other Atlassian apps in the middle of their radar, e.g. Portfolio for Jira, the team will throw significant resources to ensure new features are being rolled out, and ensure support staff are versed on the latest developments.
Depending on what your security team are looking for, there may be a number of avenues. I can think of two for now.
Does your security team have a policy on open source software? If the source code is published, is this acceptable? The security team can have a look under the hood here - https://bitbucket.org/atlassian/whoslooking-connect/src/master/ - and perform an audit themselves. I don't have a publicly accessible link for My Reminders.
For My Reminders, there is a commercial alternative which is supported - Reminders for Jira. That said, it's developed by a third party, and this vendor will need to be appropriately vetted (in particular, security teams seem to raise eyebrows that the developers are Russian, and that may pose more risk).
Hope that helps!