Trust & Security

...rofile Opsgenie Security Profile  Statuspage Security Profile Trello Security Profile In true Atlassian spirit, we believe that opening as many channels for our customers t...

pknowlton published an article 7 0 February 28, 2022

GDPR stands for General Data Protection Regulation. It is a privacy and security regulation, and it is considered one of the toughest in the world. GDPR came into effect in May 2018, impacting organi...

Andreas Springer _Actonic_ published an article 5 1 February 24, 2022

ISO/IEC 27001 Certification Update Overview The International Organization for Standardization (ISO) is an independent, non-governmental international organization with a me...

Hema Vadodaria published an article 9 2 February 3, 2022

...psgenie Security Profile  Statuspage Security Profile Trello Security Profile In true Atlassian spirit we believe that opening as many channels for our customers to self serve is a more s...

Bill Marriott published an article 11 0 February 3, 2022

If you'd rather skip straight to the technical details, here's the blog post explaining how it all works. This post is the high-level story of how this technique was found, in which the story makes...

Alex Hope published an article 9 1 January 26, 2022

...ettings.json to set openUIOnStartupDisabled to true. (This can be done without root access.) When Docker Desktop starts, our malware will be running in a shell like this. root@docker-desktop:/# ls A...

Alex Hope published an article 22 0 January 26, 2022

Atlassian maintains submissions to the Cloud Security Alliance (CSA) STAR Registry for our major Cloud Services. The STAR Registry hosts the Consensus Assessment Initiative Questionnaire (CAIQ), whic...

Bill Marriott published an article 8 0 January 19, 2022

We maintain an always on bug bounty to identify and triage issues in our products and services. Many customers ask us for ‘penetration reports’ or similar - basically a report from a third-party that...

Bill Marriott published an article 7 0 January 19, 2022

Hi there, I use atlassian jira/confluence to stay in practice (Germany). Today I've got an e-mail from an unknown person (don't have any contacts to (?) Mexico - sure we're working on the www inter...

Peter Freyler started a discussion 1 1 January 14, 2022

Hello guys, I am using the Confluence but i do not know which email has the Global Permissions. Since the administrator created the trial and set up everything but now the roles somehow changed with...

Asrar started a discussion 2 1 January 10, 2022

G’day everyone and happy 2022!  My name is Filiberto Selvas and I’m a Principal Product Manager focused on data management and compliance in highly regulated industries ! At Atlassian, we unde...

Filiberto Selvas published an article 14 22 January 4, 2022

Overview System and Organization Controls (SOC) Reports are independent third-party examination reports that provide detailed information and assurance about controls in place at service organizati...

Amy Knapp published an article 11 15 December 21, 2021

After the discovery of the vulnerability of version 1.2.17 of Log4j when is Atlassian intending to add the latest version of Log4j as part of the standard on premise installation?

terence_wright_airbus_com started a discussion 0 2 December 17, 2021

On December 9, Atlassian became aware of the vulnerability CVE-2021-44228 - Log4j. Impact on Cloud Products This vulnerability has been mitigated for all Atlassian cloud products previously ...

Jodie Vlassis published an article 49 20 December 13, 2021

Hi everyone! Thanks to all who joined us for our webinar on Privacy, security, and compliance in Atlassian Cloud. If you missed it or weren’t able to catch the whole thing, you can view t...

Hosana published an article 4 1 December 13, 2021

hi, since the official statement about log4j is pretty brief (not to say lame), i'm looking for answers here. The vulnerability has been disclosed 4 days ago and still Confluence does not give any up...

Timo Hilbertz started a discussion 2 5 December 13, 2021

Atlassian’s 2020 reporting consisted of 8 SOC 2 reports individually attesting compliance for our cloud products. With each weighing-in at ~90 pages, we saw duplication of content, effort, inconsiste...

Amy Knapp published an article 8 3 November 30, 2021

Hello everyone, How you guys are mitigating Security Vulnerability CVE-2021-42574? I am still unable to understand the risk, impact and mitigation done by Atlassian. Is there any other workaround th...

Mayuresh Sakharape started a discussion 0 1 November 22, 2021

Hey there! If you’re looking for more tips and best practices for protecting your data and using Atlassian products securely and you’re part of the public sector, check out the Atlassian Governmen...

Mel Policicchio published an article 5 1 November 9, 2021

Hello! We know that security and data management are top priorities for you, so they remain a top priority for us. We’ve heard from many of you that BYOK (bring your own key) encryption is an importa...

Bhavya Nag published an article 14 1 November 3, 2021

Icarus Labs is Atlassian's experimental security research team. It’s inspired by research groups like Google's Project Zero and Facebook’s Red Team X (which research new vulnerabilities), but for any...

Alex Hope published an article 26 0 November 2, 2021

Atlassian Cloud 製品の管理者が 事業継続計画 (BCP; business continuity planning) を立案するときに役立つ情報を紹介します。   ■ 前提知識 システムにより担保されている回復性は アトラシアンによる顧客データの管理 をご参照ください。以降、本稿では各製品の管理者が行えるアクションを紹介します。 &n...

K. Yamamoto published an article 3 0 October 26, 2021

What are Standard Contractual Clauses (SCCs)? OnJun 4, 2021, an updated version of the Standard Contractual Clauses (or SCCs) was published by lawmakers in the European Union (EU) and they gave...

Bill Marriott published an article 4 6 October 26, 2021

Atlassian primarily relies on our Atlassian Bug Bounty Program and our own internal testing by our Security Engineers to test and identify security issues or vulnerabilities ...

Tanvir Ahmed started a discussion 8 1 October 24, 2021

We’re excited to announce that Trello has successfully completed their annual FedRAMP security assessment. For those not aware, Trello is now on its second year of having FedRAMP Tailored authorizati...

Miller published an article 9 0 October 21, 2021