...
Sensitive Data
No
Security Policy
https://doc.rixter.se/display/RP/EULA + and + Privacy + Policy
Release Management
Releases follow our Software Development Process described here:
https://doc.rixter.se/display/RP/Rixter + Software + Development +Process+%28SDLC%29+-+Process (SDLC) - RSDLC
Audits
No, external audits have been done. We do internal audits so far.
...
We have done security pen-tests on some products to find wholes.
This is not a regular task, more case by case or in a procurement process. The tests is the top 10 OWASP security vulnerabilities
External pen tester has been utilized for Integrations Hub for Jira
Notifying Atlassian
Notifications is done by any employee submitting a request Atlassian
...
11. Managing Security Vulnerabilities
https://doc.rixter.se/display/RP/Rixter + Software + Development +Process+%28SDLC%29+-+RSDLCProcess (SDLC) - RSDLC
Vulnerability fixes and CVE records
12. Disaster Recovery
Today we only have forge app and DC apps , both of them being managed by the customers ops teams or by Atlassian when it comes to forge.are handled by the customer.
Protected Fields is handled by Atlassian since it is a Forge App
Integrations Hub for Jira Cloud is handled by Rixter AB
13. Data Recovery
For Protected Fields, Inbox for Jira and Integrations Hub (DC):
We donĀ“t have access to any customer environment to conduct such activity.