Common scheduling pool for security issues

Problem

Currently, 231 security issues have a devopsmanage label. This represents 47% of all 496 security issues, making Manage the responsible stage for almost half of all security issues in the gitlab project.

  • Of the 231 Manage issues, 148 of them are confidential security issues.
      ◦ Access with 108.

Most of these issues are backend, and most of them (172 issues, or about 35% of all security issues) fall to ~"group::access". With 3 backend developers on ~"group::access", this is an insurmountable backlog and puts pressure on Access to deliver on both security SLOs and business objectives.

Proposal

Confidential S2/S3 security issues should go into a common pool (see example epic). Every planning cycle, each group is responsible for pulling at least 1 security issue into the scope of their upcoming release.

cc @lmcandrew

Edited by Jeremy Watson (ex-GitLab)