Security guidelines

Security is foremost in how we design our apps, so we would like to describe some of the steps we’ve adopted. For more information, please see our privacy policy at https://elfapp.nl/privacy

Security is very important to BulkOps Pro for Jira and its users, and we're committed to responsible reporting of security-related issues. Please help by reporting any security issues you find with this app.

Code Scanning

We regularly scan our code for potential security vulnerabilities, and we check all dependencies for vulnerabilities that could affect the app before committing dependency changes to the release version. We use a number of tools, such as Codacy and Snyk.io, to perform these scans, monitor for potential security vulnerabilities and provide mitigation measures where necessary. We also regularly scan our code base to ensure that we follow best practices in writing code and mitigate any known threats relating to the use of certain code structures.

Confidentiality

Our users can rest assured that there is no interaction with or storage of end-user data. Any information supplied to the app is processed immediately and discarded, and no end-user data is stored. Access to log data is restricted to the administrator of the app (a dedicated individual who monitors the integrity of BulkOps Pro), and all of that information is confidential.

  • Does not store end-user data

  • Does not store uploaded files → Files are only processed and discarded

  • Does not track users

  • We do log errors associated with the app, without any end-user data, in order to improve the app

Testing

We run automated and user-based tests for every update and upgrade made to the app. We use tools such as Travis CI to perform automated tests when updates are made. We check for vulnerabilities within dependencies to understand whether they impact the app in any way. If there are impacts, we provide mitigation steps to remedy the issue.

Disaster Recovery

The database is backed up daily to privately encrypted servers. This database stores the log data used in the audit log and other features of the app. It does not store any end-user data or any uploaded file data.

Bug Bounties

We appreciate all efforts taken to keep this app safe for use, and we encourage you to report any vulnerability you find. However, BulkOps Pro for Jira does not run any bug bounty programs at the moment.

Disclosing Security Issues

The process we've adopted to take security issues from private to public involves multiple steps. Approximately one week prior to public disclosure, we provide a security advisory. For our users, we'll typically perform an update automatically with the fix to the vulnerability as soon as possible once we've detected it.

  • High: Remote code execution, SQL injection

  • Medium: Broken authentication, Cross-site scripting (XSS), Cross-site request forgery (CSRF)

  • Low: Data exposure, Unvalidated redirects

Tips

  • Please turn on the "Notify me when I login" feature so you’re informed any time your account is used.

  • Clear the API token field when not in use.

Reporting security issues

 
