...
Access to the hosts running the app is limited to the development and the infrastructure team using a PPK mechanism
There are contractual NDAs in place for all employees and contractors of Everit
Standard Linux audit logging is enabled (history) and reviewed on a regular basis
Everit hosts its Cloud apps on Amazon AWS in compliance with all local laws. AWS holds numerous security certifications, and Everit implements many further security controls to safeguard data. We also use the numerous monitoring and alerting tools that AWS provides.
Other details are described in our Data security and Privacy policy
4. Release management
Do you have formal change control and release management processes to manage code changes?
...
We participated in Atlassian’s Marketplace Partner Security Self-Assessment and Bug Bounty program.
7. Penetration testing
...
code reviews for code changes
penetration tests for our cloud apps
secure coding education and review every half a year
We consistently follow secure coding practices. Secure coding is the practice of writing software that is protected from vulnerabilities such as buffer overflows or code injection flaws.
...
We participated in the “Bug Bounty Blitz” program organized by Atlassian. Since the end of September 2020, we have been running a public “Bug bounty” program according to the Marketplace Security Bug Bounty Program.
...
Do you have mechanisms to notify Atlassian in case of a security breach?
Yes. We use a dedicated Slack group in case of any incident, e.g.:
...