The Security Platforms and Architecture (SPA) sub-department protects GitLab's platform and products by identifying, prioritizing, and mitigating security risks across the entire product lifecycle. Composed of [Security Architecture](/handbook/security/product-security/security-platforms-architecture/security-architecture/), Application Security(/handbook/security/product-security/application-security/), and [Security Research](/handbook/security/product-security/security-platforms-architecture/security-research/), we combine strategic security architecture with operational application security to enable GitLab to be the most secure software factory platform on the market. We work with GitLab engineers and product teams to anticipate and prevent vulnerabilities during design and development, and ensure delivery of high-quality software GitLab customers can trust. We focus on systemic product security risks and operational application security, working cross-functionally to mitigate them while maintaining Engineering's development velocity.
The Security Platforms and Architecture (SPA) sub-department protects GitLab's platform and products by identifying, prioritizing, and mitigating security risks across the entire product lifecycle. Composed of [Security Architecture](/handbook/security/product-security/security-platforms-architecture/security-architecture/), [Application Security](/handbook/security/product-security/security-platforms-architecture/application-security/), and [Security Research](/handbook/security/product-security/security-platforms-architecture/security-research/), we combine strategic security architecture with operational application security to enable GitLab to be the most secure software factory platform on the market. We work with GitLab engineers and product teams to anticipate and prevent vulnerabilities during design and development, and ensure delivery of high-quality software GitLab customers can trust. We focus on systemic product security risks and operational application security, working cross-functionally to mitigate them while maintaining Engineering's development velocity.
