Atlassian pipes software flaw reports into Jira, so the boss can see them too

Atlassian has decided that its Jira issue-tracker needs one more category of issue to track: security flaws.

Suzie Prince, Atlassian's head of product for DevOps, told The Register developers use multiple tools during their days, which makes communicating security issues hard. It can also mean fixing them doesn't make it into workflows that touch all stakeholders in a software project, she added. Wider visibility matters, Prince argues, because when security issues fester in ops or infosec silos, it's hard to know what fixes to prioritize, and why.

Atlassian's answer is to ingest finding feeds from Snyk, Mend, Lacework, StackHawk, and JFrog and load them into a new "Security" tab in Jira, where security-related issues can be viewed by all stakeholders and automated workflows route work to the right people. Atlassian parses the severity scores carried in those feeds to help users prioritize.
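To make the aggregation concrete, here is an added example (not Atlassian's code and not any vendor's real export format) of what such a pipeline has to do before a shared queue is useful: accept findings from scanners that report severity differently, normalize them to one scale, collapse the same issue reported by several tools, and rank the result. The feed shapes, field names, package names and the EXAMPLE-* identifiers are constructed for illustration; CVE-2021-44228 is the Log4Shell identifier mentioned later in the article, and the CVSS-to-label thresholds are the CVSS v3 qualitative rating bands.

```python
"""Normalize heterogeneous scanner findings into one severity-ranked queue.

Added example: the two feed formats below are constructed stand-ins and do
not reproduce the real output schema of Snyk, Mend, Lacework, StackHawk or
JFrog. Package names and EXAMPLE-* identifiers are placeholders.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

# Common ordinal scale used for ranking, highest first.
LEVELS = {"critical": 4, "high": 3, "medium": 2, "low": 1, "info": 0}
LABELS = {v: k for k, v in LEVELS.items()}


@dataclass(frozen=True)
class Finding:
    source: str            # which scanner reported it
    vuln_id: str           # CVE or vendor advisory id
    component: str         # affected package / artifact
    level: int             # normalized 0..4 (see LEVELS)
    cvss: Optional[float]  # numeric score when the feed provides one


def level_from_cvss(score: float) -> int:
    """Map a CVSS v3 base score to the qualitative rating bands."""
    if score >= 9.0:
        return LEVELS["critical"]
    if score >= 7.0:
        return LEVELS["high"]
    if score >= 4.0:
        return LEVELS["medium"]
    if score > 0.0:
        return LEVELS["low"]
    return LEVELS["info"]


# One adapter per feed format. Feed A reports a textual severity plus a score;
# feed B reports only a numeric CVSS v3 score under different field names.
ADAPTERS: Dict[str, Callable[[dict], Finding]] = {
    "feed_a": lambda r: Finding(
        "feed_a", r["id"], r["package"], LEVELS[r["severity"].lower()], r.get("cvssScore")
    ),
    "feed_b": lambda r: Finding(
        "feed_b", r["cve"], r["artifact"], level_from_cvss(float(r["cvss_v3"])), float(r["cvss_v3"])
    ),
}

# Constructed sample feeds (not real scanner output).
SAMPLE_FEEDS: Dict[str, List[dict]] = {
    "feed_a": [
        {"id": "CVE-2021-44228", "package": "log4j-core", "severity": "Critical", "cvssScore": 10.0},
        {"id": "EXAMPLE-0002", "package": "pkg-b", "severity": "medium", "cvssScore": 5.3},
    ],
    "feed_b": [
        # Same Log4Shell issue reported again by a second tool: must be deduplicated.
        {"cve": "CVE-2021-44228", "artifact": "log4j-core", "cvss_v3": 10.0},
        {"cve": "EXAMPLE-0003", "artifact": "pkg-c", "cvss_v3": 7.5},
    ],
}

# Hypothetical routing table: component -> owning team, with a fallback queue.
OWNERS = {"log4j-core": "platform-team", "pkg-b": "payments-team"}
DEFAULT_OWNER = "security-triage"


def build_queue(feeds: Dict[str, List[dict]]) -> List[Finding]:
    """Normalize, deduplicate by (vuln_id, component) keeping the highest
    reported level, then rank by level, then CVSS, then id for stability."""
    best: Dict[Tuple[str, str], Finding] = {}
    for source, rows in feeds.items():
        adapt = ADAPTERS[source]
        for row in rows:
            f = adapt(row)
            key = (f.vuln_id, f.component)
            if key not in best or f.level > best[key].level:
                best[key] = f
    return sorted(best.values(), key=lambda f: (-f.level, -(f.cvss or 0.0), f.vuln_id))


def route(finding: Finding) -> str:
    """Assign the finding to the component owner, or to a triage queue."""
    return OWNERS.get(finding.component, DEFAULT_OWNER)


if __name__ == "__main__":
    for f in build_queue(SAMPLE_FEEDS):
        print(f"{LABELS[f.level]:8} {f.vuln_id:16} {f.component:12} -> {route(f)}")
```

The ranking here is by reported severity only, which is exactly the limitation the article goes on to raise: nothing in these feeds says whether the vulnerable code is reachable or already mitigated, so the queue is a starting point for the prioritization conversation rather than the final answer.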

Prince said Atlassian saw customers try to build this sort of thing themselves, so the company productized it.

The Register asked Prince if there's a downside to wide visibility of flaws. We offered a scenario in which a product manager who works with developers reads news of a colossal flaw - something along the order of importance of the Log4Shell vulnerability in the ubiquitous Apache Log4j logging library - and uses their ability to see that in a Jira queue to order a fix without understanding that other matters could be more important.

"Being knee jerk is what product managers do," she admitted, before going on to argue that having a single place to manage the flaw-fixing workflow means you get a chance to have a conversation about what fixes are at the top of a to-do list, and why, perhaps leading a nervous non-techie to back down gracefully.

The new security functionality is baked into Jira Software Cloud, is accessible to all users today, and is covered by existing licenses. Atlassian will add integrations with more security vendors but could not name names or offer a timeline for their inclusion. ®
