Vulnerability Disclosure Policy

JiBrok is committed to the security of our products and welcomes responsible disclosure of vulnerabilities from security researchers.

Reporting a Vulnerability

If you believe you have discovered a security vulnerability in any JiBrok product or on jibrok.com, please report it to us. We appreciate your help in keeping our products and customers safe.

How to Report

Send your report to security@jibrok.com with the following information:

  • Product name - which JiBrok app or service is affected
  • Description - clear explanation of the vulnerability
  • Steps to reproduce - detailed instructions to replicate the issue
  • Impact assessment - what an attacker could achieve by exploiting this vulnerability
  • Supporting materials - screenshots, logs, or proof-of-concept code (if available)

Scope

This policy applies to:

  • All JiBrok Cloud apps on the Atlassian Marketplace
  • The jibrok.com website

Our Response Commitment

  • Acknowledge your report within 3 business days
  • Update you on our assessment within 10 business days
  • Resolve confirmed vulnerabilities based on severity and impact

Out of Scope

The following are not covered by this policy:

  • Social engineering or phishing attacks
  • Denial of service (DoS/DDoS) attacks
  • Physical security testing
  • Automated vulnerability scanning without prior coordination
  • Issues in third-party services or Atlassian platform infrastructure

Safe Harbor

JiBrok will not pursue legal action against security researchers who:

  • Act in good faith to avoid privacy violations, data destruction, or service disruption
  • Provide us reasonable time to address the issue before any public disclosure
  • Do not exploit the vulnerability beyond what is necessary to demonstrate it
  • Do not access or modify data belonging to other users or customers

We consider security research conducted in accordance with this policy to be authorized and will not initiate legal action for accidental, good-faith violations.

Marketplace Bug Bounty Program

JiBrok Studio participates in the Atlassian Marketplace Security Bug Bounty Program - a managed vulnerability discovery program run by Atlassian through the Bugcrowd platform.

This program invites security researchers to test Marketplace apps and report vulnerabilities through a structured, incentivized process managed by Atlassian.

Report a Vulnerability

Contact our security team directly.
