Security Policy

Allocation of responsibilities

OUR apps are built on Forge, Atlassian's cloud platform technology. This means that YOUR data does not leave the Atlassian infrastructure!
WE are aware of the importance of security and take responsibility for the security of OUR app.

Atlassian’s role

Important: All general security topics concerning the use of Atlassian's cloud instances, and thus also the use of the Forge app, are handled by Atlassian.

Atlassian uses the concept of “Secure by Design”. This has several aspects:

  • Authentication and authorization

  • Data protection

  • Application security

  • Vulnerability management

  • Least privileged access

  • Least data egress

  • Use Atlassian's infrastructure

See also a high-level overview of Forge platform security.

OUR role as App Developer / Vendor

To make the overall concept work, app developers have certain duties, and WE make sure that they are fulfilled at the app level.
This includes the following measures:

  • WE implement suitable mechanisms to verify the identity of users and to restrict their access authorizations within the app.

  • WE only grant the app the minimum permissions required for its functionality.

  • WE validate all user input data to ensure that it is secure and does not contain malicious code.
    WE implement measures to prevent cross-site scripting (XSS) and session hijacking.

  • WE have processes in place to identify, report and fix security vulnerabilities in OUR app. WE inform Atlassian immediately of any security vulnerabilities that could affect OUR app.

 

Please contact US if you notice any security gaps!