Jira Align Ongoing Bounty Program Results Report

This report is a technical document detailing the results of an Ongoing Bounty Program conducted by Bugcrowd for Atlassian's Jira Align. The program aimed to identify security vulnerabilities within the Jira Align application from April 1, 2023, to June 30, 2023. The report outlines the methodology used, which leverages a crowd-sourced approach to penetration testing, allowing multiple researchers to contribute to the assessment. It provides a summary of findings categorized by technical severity, including critical, high, medium, and low vulnerabilities. The report indicates that a total of six submissions were received, with four unique valid issues discovered. The document also includes an appendix with additional metrics and insights related to the program, such as submission trends over time and a breakdown of bug types. The findings are intended to inform Jira Align of potential security risks and guide future remediation efforts.