Commit dbbc4446 authored by Kristie Thomas 🌻

update links

parent 3fc76d2c
......@@ -857,7 +857,7 @@ The packages we ship are signed with GPG keys, as described in the [omnibus docu
## Annual 3rd-Party Security Testing
Along with the internal security testing done by the [Application Security](#application-security), [Security Research](#security-research), and [Red](/handbook/engineering/security/red-team/) teams, GitLab annually contracts a 3rd-party penetration test of our infrastructure. For more information on the goals of these exercises, please see our [Penetration Testing Policy](/handbook/engineering/security/penetration-testing-policy.html).
Along with the internal security testing done by the [Application Security](#application-security), [Security Research](#security-research), and [Red](/handbook/engineering/security/operations/red-team/) teams, GitLab annually contracts a 3rd-party penetration test of our infrastructure. For more information on the goals of these exercises, please see our [Penetration Testing Policy](/handbook/engineering/security/penetration-testing-policy.html).
The following process is followed for these annual tests:
......
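Review bot: On the changed `[Red]` link, the old path `/handbook/engineering/security/red-team/` stops resolving once the page lives under `/operations/red-team/`, and nothing in this commit shows a redirect being added. Please confirm a redirect from the old path exists or add one in the same merge request, so bookmarks and external references to the Red Team page keep working.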
......@@ -60,7 +60,7 @@ GitLab's internal red team extends the objectives of penetration testing by exam
Red team exercises provide more comprehensive assessments that reflect real-world conditions over penetration testing. The exercises can further be used to improve security awareness and training and to assess levels of security control effectiveness. GitLab utilizes NIST 800-53 Revision 4 security control CA-8 to define the Red Team and their mission. The control can be found on [NIST.gov](https://nvd.nist.gov/800-53/Rev4/control/CA-8).
The Red Team operates under a predefined set of [rules of engagement](https://about.gitlab.com/handbook/engineering/security/red-team/red-team-roe.html). The rules of engagement exist to inform GitLab's team members on how the team operates during engagements. It provides guidelines for determining scope, the ethics we employ during our engagements, how we collaborate as a security team, and how we escalate vulnerabilities and exploits we discover during those engagements
The Red Team operates under a predefined set of [rules of engagement](https://about.gitlab.com/handbook/engineering/security/operations/red-team/red-team-roe.html). The rules of engagement exist to inform GitLab's team members on how the team operates during engagements. It provides guidelines for determining scope, the ethics we employ during our engagements, how we collaborate as a security team, and how we escalate vulnerabilities and exploits we discover during those engagements
**Schedule / Topics Covered:**
- RED101.1: GitLab’s Red Team Approach / Past exercise overview
......
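Review bot: The rules-of-engagement link on the changed line is a full `https://about.gitlab.com/...` URL, while the other two files in this commit link the same handbook area with root-relative paths. Suggest switching to `/handbook/engineering/security/operations/red-team/red-team-roe.html` so the link follows the site in review and staging builds. Since the line is being touched anyway, the paragraph also ends without a period after "during those engagements", and "It provides" should agree with "rules of engagement" ("They provide").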
......@@ -58,7 +58,7 @@ GitLab provides a contact method for external parties to:
* [GitLab maintains an active bug bounty program](/handbook/engineering/security/#vulnerability-reports-and-hackerone) on HackerOne as another way for external parties to report security vulnerabilities
* [All other inquiries and reports can be made on the `gitlab-ce` issue tracker](https://gitlab.com/gitlab-org/gitlab-ce/issues)
4. [Red Team Rules of Engagement](/handbook/engineering/security/red-team/red-team-roe.html)
4. [Red Team Rules of Engagement](/handbook/engineering/security/operations/red-team/red-team-roe.html)
5. [Incident Management for Self-Managed Customers](/handbook/support/incident-management/)
......
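Review bot: Item 4 here is the third file in this commit carrying the old `/security/red-team/` prefix, which suggests the path is hardcoded in many places. Before merging, search the repository for any remaining `/handbook/engineering/security/red-team/` references so none are left pointing at the old location. The commit message "update links" would also be more useful if it named the move to `/operations/red-team/`.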