Security is at the forefront of how we design our apps. We would therefore like to mention some of the steps we've adopted.

Security is very important to the BulkOps app for Jira (Pro) and its users, and we're committed to responsible reporting of security-related issues. Please help by reporting any security issues with this app.

Code Scanning

We regularly scan our code for potential security vulnerabilities, and we check all dependencies for vulnerability impact before committing changes to the release version. We use a number of tools for these scans, such as Codacy and http://Snyk.io, to monitor for potential security vulnerabilities and to provide mitigation measures where necessary. We also scan our code base regularly to ensure best practice in writing code and to mitigate known threats relating to the use of certain code structures.

Confidentiality

Our users can rest assured that the app does not interact with or store end-user data. Any information supplied to the app is processed immediately and discarded, and no end-user data is stored. Access to log data is restricted to the administrator of the app, and all of that information is confidential.

Testing

We run automated and user-based tests for every update and upgrade made to the app. We use tools such as Travis CI to run automated tests when updates are made. We check for vulnerabilities within dependencies to understand whether they impact the app in any way. If they do, we provide mitigation steps to remedy the issue.

Disaster Recovery

A daily backup of the database is made on privately encrypted servers. This database stores the log data used in the audit log feature. It does not store any end-user data or any uploaded file data.

Bug Bounties

We appreciate all efforts taken to keep this app safe for use, and we encourage you to report any such vulnerability you find. However, the BulkOps app for Jira (Pro) does not run any bug bounty programs at the moment.

Disclosing Security Issues

The process we've adopted to take security issues from private to public involves multiple steps. Approximately one week prior to public disclosure, we provide a security advisory. For our users, we'll typically perform an update automatically with the fix to the vulnerability as soon as possible once we've detected it.

High

Medium

Low

Remote code execution

Broken authentication

Data exposure

SQL injection

Cross site scripting (XSS)

Unvalidated redirects

Cross site request forgery (CSRF)

Reporting security issues