@@ -9,6 +9,16 @@ Aligned with GitLab's overarching information security strategy and its three-ye
At GitLab, product security encompasses a broad range of cybersecurity disciplines that enable product and engineering teams to design, develop, deploy, maintain, and refine GitLab's technologies securely. This goes beyond the conventional confines of security, covering everything from protecting developer workstations to ensuring the integrity of our production environments.
### Teams
The Product Security sub-department includes the following teams. Learn more about each by visiting their handbook pages.
| Sub-department | When to reach out | Teams |
|---|---|---|
| [Security Platforms & Architecture (SPA)](security-platforms-architecture/) | If you're building features or AI capabilities | [SPA](security-platforms-architecture/), [AppSec](security-platforms-architecture/application-security/) |
| [Infrastructure Security (InfraSec)](infrastructure-security/) | If you're working on infrastructure | [InfraSec](infrastructure-security/), [Data Security](data-security/) |
| [Security Capabilities Engineering (SCE)](security-capabilities-engineering/) | If you're working around vulnerability data, bug bounty, or security tooling | [Vuln MGMT](vulnerability-management/), [PSIRT](psirt/), [ProdSecEng](security-platforms-architecture/product-security-engineering/) |
### The Product Security Mission
Our mission is to set the standard for product security by fostering a culture of rapid innovation and secure product delivery. We are committed to leveraging the GitLab platform, embodying the pinnacle of internal usage ('dogfooding') practices. By maintaining close collaboration with product teams and contributing significant security features and capabilities to the GitLab codebase, we aim to enhance our operations and be a vital driver of the broader GitLab vision.
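Review bot: the new "### Teams" and "### The Product Security Mission" headings in this hunk are one level deeper than the page's existing sections ("## Teams", "## Product Security Department Label Standardization" in the following hunk), so they will render as subsections of whatever "##" section precedes line 9; promote them to "##" or confirm they are meant to nest. In the table, the first column is headed "Sub-department" while the intro sentence calls Product Security itself the sub-department and the third column is "Teams", which leaves the reader unsure whether SPA, InfraSec and SCE are sub-departments, teams, or both; pick one term and use it consistently in the sentence and the header. Also worth a second look: the ProdSecEng link points under `security-platforms-architecture/product-security-engineering/` but the row places it under SCE, so either the path or the grouping looks off.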
@@ -36,15 +46,6 @@ Success in product security is not confined to PSD or even the Security Division
-**Decentralization and Empowerment**: Acknowledging that product and engineering teams possess deep, specialized knowledge of their domains, PSD advocates for these teams to take ownership of security tasks like secure code reviews and threat modeling. This decentralization fosters a more integrated and effective security posture across GitLab.
-**Integration with Reliability, Quality, Infrastructure, and Platform Engineering:** PSD's mission to mitigate product security flaws is inherently tied to improving overall product quality and reliability. We aim to leverage and integrate with the practices of existing teams to enhance both security and product excellence.
## Teams
The Product Security sub-department includes the following teams. Learn more about each by visiting their Handbook pages.
-[Security Platforms and Architecture](security-platforms-architecture)
-[Data Security](data-security/)
## Product Security Department Label Standardization
The Product Security Department has standardized its labeling system to improve issue tracking, team identification, and cross-team collaboration across all security teams.
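Review bot: this hunk removes the list items under "## Teams" (`-[Security Platforms and Architecture](security-platforms-architecture)`, `-[Data Security](data-security/)`) but keeps the "## Teams" heading and its intro sentence as unchanged context, so after the change the page carries a second "Teams" section whose sentence promises a list that no longer follows; remove the heading and the sentence along with the items, since the earlier hunk already adds a replacement Teams table. The two removed principle paragraphs ("**Decentralization and Empowerment**" and "**Integration with Reliability, Quality, Infrastructure, and Platform Engineering:**") are not re-added anywhere in this diff; if dropping them is intentional, say so in the commit message, otherwise they should move with the rest of the content.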