This very much depends on specific threats, opponents, risks, and the interactions of these: your (perceived, actual) threat model.
Some years back as a member of a third-party services provider I had to sit through the e-learning session of a very large financial services provider. The course (tediously boring, natch) established three tiers of information importance, with the highest being not consumer information, but the organisation's own marketing and product plans.
Which is precisely what you're going to find in a Jira or equivalent project planning trove.
The risks of a lawful competitor running across this are ... reasonably low in many, though not all cases (see the Waymo smart car case for risks involved), though there are certainly cases of corporate espionage.
And petty criminals are somewhat unlikely to see much use from this.
But, to draw from recent HN posts: the ability to specificaly target developers to drop malicious payloads, for foreign governments to exfiltrate technologies or identify individuals to target for enhanced surveillance, to blackmail, to thwart or confuse plans, etc., all exist.
Information of itself is not power, but information with both the impunity to acquire it and the ability to act on it most certainly is.
And that's where Jira-class risks are significant.
Some years back as a member of a third-party services provider I had to sit through the e-learning session of a very large financial services provider. The course (tediously boring, natch) established three tiers of information importance, with the highest being not consumer information, but the organisation's own marketing and product plans.
Which is precisely what you're going to find in a Jira or equivalent project planning trove.
The risks of a lawful competitor running across this are ... reasonably low in many, though not all cases (see the Waymo smart car case for risks involved), though there are certainly cases of corporate espionage.
And petty criminals are somewhat unlikely to see much use from this.
But, to draw from recent HN posts: the ability to specificaly target developers to drop malicious payloads, for foreign governments to exfiltrate technologies or identify individuals to target for enhanced surveillance, to blackmail, to thwart or confuse plans, etc., all exist.
Information of itself is not power, but information with both the impunity to acquire it and the ability to act on it most certainly is.
And that's where Jira-class risks are significant.