Stepping up Cloud Security with Bug Bounties

28 July, 2020

Security of our customers’ data has always been our #1 priority at Behave Pro, and this is true now more than ever. As Behave Pro’s functionality has advanced, our customers have trusted us with more of their data; for example, our Git integrations give teams the ability to access their source code through the tool.

Some of the measures we have introduced over the years to further security include:

  • Developer training on the OWASP top 10

  • Encryption in transit: we use HTTPS between microservices

  • Encryption at rest: we use encrypted disks for our databases

  • Dependency analysis using GitHub and npm audit to identify vulnerable code libraries

  • Anchore for checking Docker image compliance against the CIS Docker benchmark

  • AWS GuardDuty and AWS Security Hub for monitoring threats and CIS AWS benchmark compliance

Despite all of the above, we believe our duty to protect our customers’ security shouldn’t end there. That is why earlier this year our security initiative took another large step forward with the launch of our Bug Bounty program. Our bug bounty program rewards security researchers with a cash ‘bounty’ for being the first to find a confirmed security issue. The bounty ranges from $100 to $1,500 depending on the severity of the vulnerability found.

What about pen tests?

We arrange for external penetration tests of Behave Pro, but what happens between these tests? Bad actors don’t sit idle, and we are constantly releasing new code to production to give you great features. This is where the bug bounty program really proves its value: as part of our ongoing commitment, our ‘always on’ bug bounty program means that security researchers are constantly trying to find security issues between our penetration tests.

Atlassian have always been great proponents of bug bounty programs to complement existing security reviews and penetration testing, and they have now formally brought this initiative to the Atlassian Marketplace for Cloud Apps with the Marketplace bug bounty program.

Atlassian Marketplace Bug Bounty Program

At the start of July, the ‘Top vendor’ badge on the Atlassian Marketplace was replaced by a new badge, ‘Cloud Security Participant’, to identify vendors and Apps that take security seriously and participate in Atlassian’s security programs. Any App with an active bug bounty program that has been running for at least 4 weeks and has 100+ security researchers is eligible for this new badge.

To encourage other App vendors who hadn’t yet taken the opportunity to start a Bug Bounty, Atlassian arranged a six-week ‘Blitz’ starting at the end of May, during which Atlassian would pay the Bug Bounties instead of the vendor. Although we already had our Bug Bounty program up and running, we still benefited from the Blitz, with Atlassian paying enhanced bounties for Behave Pro.

In recognition of our extended efforts around security, especially in relation to the Bug Bounty, we’re proud that Atlassian have awarded us the ‘Cloud Security Participant’ badge, giving our customers the peace of mind that their data is safe with Behave Pro.

Want to implement BDD in your team? Behave Pro is the only BDD tool native to Jira and available on the Atlassian marketplace to hold Cloud Security Participant status. Get a demo today by contacting us using the Live Chat function on our website, or sign up for an evaluation on our marketplace listing.

Written by Alan Parkinson
