/
Security Bugfix Policy
Security Bugfix Policy
- Boris Jockov
Owned by Boris Jockov
Scope
The following describes how security bugs are rated and resolved in software provided by Stratus Addons.
Following Atlassian Security Bugfix Policy, all security bugs are assessed according to CVSS v3 scoring system.
Severity Levels
Severity levels are defined by Atlassian policy and are:
Critical - CVSS v3 score >= 9, to be fixed 2 weeks after discovery
High - CVSS v3 score >= 7, to be fixed 3 weeks after discovery
Medium - CVSS v3 score >= 4, to be fixed 5 weeks after discovery
Low - CVSS v3 score >= 4, to be fixed 6 weeks after discovery
Review
This policy will be kept up to date with requirements stated by Atlassian at all times.
Related content
Information Security Policy
Information Security Policy
Read with this
Privacy and Security policies
Privacy and Security policies
Read with this
Security self assesment
Security self assesment
Read with this