Loading content/handbook/security/product-security/vulnerability-management/vulnerability-management-team/_index.md +7 −9 Original line number Diff line number Diff line Loading @@ -39,7 +39,7 @@ We provide automated vulnerability detection, standardized remediation workflows #### Program Coverage & Visibility * Infrastructure vulnerability scanning (GitLab.com, Dedicated) * Container and dependency scanning oversight * Container and dependency scanning inventory and scanning coverage #### Program Metrics & Reporting Loading Loading @@ -70,10 +70,9 @@ The vulnerability triage model is distributed across teams based on expertise an * Maintaining integration with advisory data sources * Ensuring consistent labeling and workflow routing * Application Security * PSIRT * Triaging HackerOne reports and bug bounty submissions * Assessing exploitability and impact for application vulnerabilities * Validating SAST and DAST findings * Infrastructure Security * Triaging cloud/infrastructure misconfigurations Loading @@ -95,7 +94,7 @@ The vulnerability triage model is distributed across teams based on expertise an #### Direct Vulnerability Remediation Tasks owned by [AppSec](../../application-security)/[Engineering](../../../../engineering)/[Infrastructure](../../../../engineering/infrastructure): Tasks owned by [Engineering](../../../../engineering)/[Infrastructure](../../../../engineering/infrastructure): * Writing code fixes for vulnerabilities * Deploying patches Loading @@ -110,7 +109,7 @@ Owned by [CorpSec](../../../corporate/) * Patch tracking and measurement on end user systems * Reporting of end user system vulnerabilities #### GitLab platform Vulnerability Management features #### GitLab platform features development * GitLab Security Dashboard / Report features used by customers * Development/Maintenance of CI/CD vulnerability scanning tools Loading 
@@ -121,8 +120,7 @@ Owned by [CorpSec](../../../corporate/) ### Slack * `#g_security_vulnmgmt` - public team channel for questions and follow team communication * `#threat_vuln_management` - private team channel increasingly used primarily for team automation * `#security_help` - public Security channel for questions and follow team communication * `@vulnerability-management` - Slack group handle ### GitLab Loading @@ -131,9 +129,9 @@ Owned by [CorpSec](../../../corporate/) ## FY26 Strategic Initiatives * Leading with Data * Unified Vulnerability Lifecycle * FedRAMP * Maturing program focus areas * Program Advocacy ## Planning Loading Loading
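Review bot: In the `@@ -39,7 +39,7 @@` hunk, the replacement bullet under "Program Coverage & Visibility" repeats "scanning" ("Container and dependency scanning inventory and scanning coverage"). Suggest tightening it to "Container and dependency scanning inventory and coverage" so it reads in parallel with the "Infrastructure vulnerability scanning" bullet above it.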
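Review bot: In the `@@ -70,10 +70,9 @@` hunk, dropping "Validating SAST and DAST findings" leaves that activity without an owner anywhere in the visible triage list. If the work moves to another team, add the bullet under that team in this same change; if it is being retired, say so in the commit message. The group that replaces "Application Security" is introduced only as "PSIRT"; expand the acronym or link it on first use, as the ownership line in the remediation section does for Engineering and Infrastructure.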
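Review bot: In the `@@ -110,7 +109,7 @@` hunk, the renamed heading "GitLab platform features development" no longer says which features are meant, while the bullets under it are still specifically about the Security Dashboard/Report features and CI/CD vulnerability scanning tools. Keep the qualifier, for example "GitLab platform vulnerability management feature development". Renaming the heading also changes its generated anchor, so any link that targets the old heading needs updating in the same change.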
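Review bot: In the `@@ -121,8 +120,7 @@` hunk, the new `#security_help` entry reuses the old description "for questions and follow team communication", which is ungrammatical and, with both team channels removed, describes a Security-wide channel as the place to follow team communication. Suggest "public Security channel for questions", and note in the commit message whether `#g_security_vulnmgmt` and `#threat_vuln_management` are being archived or only delisted, since the remaining `@vulnerability-management` handle is now the only team-specific contact in this section.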