Introduction
We have been receiving a significant number of security questionnaires from our users.
We thought it would be good to share our thoughts and the actions we have taken publicly.
Security should not be compromised
Security is a continuous race rather than a one-time effort.
Prevention is better than cure. It takes more effort to fix security issues than to prevent them.
We have been integrating reasonable security practices into our design and development process
We send periodic security awareness reminders to our team because they are the best enforcement agents
We are participating in the Atlassian Marketplace Security Bug Bounty Program
We are working to add our Cloud apps to the Atlassian Cloud Fortified Apps Program gradually
Privacy is our priority
We value everyone’s privacy just like our own
We do not put customer logos on our website
We believe we can earn credibility with 9000+ installs for 35 apps in the Atlassian Marketplace
We do not post photos of our employees on our social media
For example, we use avatars in Our Engineering Team on our website
Security by Simplicity
Security is a heavy responsibility and user data is a big liability.
Even big companies with huge investments in security are being challenged from time to time.
Since we want to be agile and focused on building useful software, we defined boundary markers for ourselves to keep things simple.
We try to keep our processes simple instead of having tons of lengthy policies that are difficult to regulate
We avoid unnecessary liabilities and risks whenever possible
We do not have user analytics in our apps (both for Cloud and Data Center apps)
We do not build apps that process or store user data at our end
That is a key reason why some of our DC apps do not have a Cloud edition
Our Forge apps do not have data egress except for Tissue for Jira Cloud