Quirk Consulting takes security seriously. As a company we strive for perfection, but recognise it's a never-ending journey, and this ethos applies to our security practices. Below we detail our current practices.
We align with the Security Severity Levels published by Atlassian, and we adhere to their security requirements for Cloud applications.
If you believe you have found or experienced a security vulnerability with a Quirk Consulting product or service, please contact us.
Our Jira Cloud versions require the following Atlassian Connect Permissions (Scopes): Read; Write; Delete.
As the product is delivered as a static, client-side add-on, the requests to read, create or update Jira data are made by the account of the person using the add-on.
Quirk Consulting maintains a prioritised backlog of features and enhancements that is structured according to customer value and key requests. Features are pulled from the backlog and decomposed as epics and user stories one at a time, and full capacity is allocated to said feature development until release.
When a release candidate has been identified, the code is packaged and tested in a variety of test environments with different Jira versions and data sets. This ensures we pick up and triage as many edge cases as possible prior to a production release.
Once all tests have passed, the release candidate is merged into the main branch of a git repository and tagged with the appropriate version. For Jira Cloud customers the feature is deployed and enabled automatically, whereas for Jira Server the package is manually uploaded to the Atlassian Marketplace for distribution.
Build, test and deployment automation means Quirk Consulting Team Members do not require or have access to production infrastructure.
Team members that develop in our test environments use randomly generated passwords, plus Two Factor Authentication provided by Google where possible.