Atlassian pipes software flaw reports into Jira, so the boss can see them too

Atlassian has decided that its Jira issue tracker needs one more class of issue to track: security flaws.

Suzie Prince, Atlassian's head of product for DevOps, told The Register that developers use many tools across their day, which makes communicating security issues hard. It can also mean that fixing them never makes it into the workflows that touch all stakeholders in a software project, she added. Wider visibility matters, Prince argues, because when security issues fester in ops or infosec silos, it is hard to know which fixes to prioritize, and why.

Atlassian's answer is to tap data feeds from Snyk, Mend, Lacework, StackHawk, and JFrog and load them into a new "Security" tab in Jira, where security-related issues can be viewed by all stakeholders and automated workflows route work to the right people. Atlassian parses the severity scores carried in those feeds to help users prioritize.

Prince said Atlassian saw customers trying to build this sort of thing themselves, so the company productized it.

The Register asked Prince whether there is a downside to wide visibility of flaws. We offered a scenario in which a product manager who works with developers reads news of a colossal flaw – something on the order of significance of the Log4Shell vulnerability in the ubiquitous Apache Log4j logging library – and uses their ability to see it in a Jira queue to order a fix without understanding that other issues could be more important.

"Being knee-jerk is what product managers do," she admitted, before going on to argue that having a single place to manage the flaw-fixing workflow means you get a chance to have a conversation about which fixes are at the top of the to-do list, and why, perhaps leading a nervous non-techie to back down gracefully.

The new security functionality is baked into Jira Software Cloud, is available to all users today, and is covered by existing licenses. Atlassian will add integrations with more security vendors but could not name names or offer a timeline for their inclusion. ®