Any sufficiently complicated product will eventually have major CVEs, as you say. Anyone having hosted Atlassians product know that these products are nothing but garbage fires on the inside, as the commenter above said.
Both of these statements are true and not mutually exclusive in any way.
So yes. Yes it does. Unless you meant that CVEs imply garbage code, in which case I think you read the comment wrong.
> everyone is now aware of the awful engineering practices that underpin their products
This one fault doesn't tell anything about overall quality of the product.
Would you care to give us alternatives, for example, to the JIRA bug tracker (which I used a lot, slowly :-))
Paper.
An Excel spreadsheet shared on a Windows for Workgroups share drive.
Carrier pigeon.
Quitting software to become a llama herder.
Seriously, though, after over two decades of using different tracking systems I think that the real alternative to stuff like Jira is to not go there. You may think that you need all those bells and whistles, but you really don't. What you actually need is the simplest possible issue tracking system you can get away with. All you really need is a prioritised list of issues, and a list of who is working on which issues now. ‘Kanban’ boards get pretty close.
Minimalism is power.
JIRA is too many things to too many people - in the quest to be everyone's bug tracker, they wrote (badly) in the whole kitchen sink. This is a general issue with most software, though. Especially big software.
You cannot have complex capable software that is also simple. That's an oxymoron. You can have complex software which works, but it is difficult to get there, and keep it there. There is simply too much that can go wrong that over time, it almost must go wrong.
Keeping everything 'simple' is not an alternative - the world is complex and so even a bunch of simple things, when put together, make something complex. Think unix shell scripts which can be so much sphagetti. The unix philosophy is to keep things simple, and yet ignoring the complexity leads to its own complexity.
That's the real 'terrible engineeing practices' which get down Atlassian and everyone else's programs.
Someone said 'use paper' or 'quit and become a llamma herder' - these seem simple but again, paper burns, shepherds get shot or held up by drug gangs.
All to say, I don't think JIRA is actually that bad. There could be worse products, there could be better. But it would exceedingly difficult to make something simple which also served everybody.
The most annoying bug was that one could only have around 4-5 tabs open before something went wrong and everything stopped updating.
Kiln was also a great product and allowed for using both Git and Mercurial. It was way better than anything else at the time, but lost out to Github.
I always liked Spolsky's Evidence Based Scheduling that was built into the products.
Thanks
It is very enlightening. Try using their editor component to display the text of one of your Jira comments and making it display attachments.
