Add clarity around security issue due dates
Briefly describe the update
There is a Development department performance indicator around past-due security issues. However, it's become a bit confusing to understand how a security issue's due date interacts with when an open issue may breach its SLA. Clarifying how this KPI is calculated - and how the issue's due date is set via automation - would be quite helpful to groups when prioritizing these issues.
Handbook pages to evaluate
- https://about.gitlab.com/handbook/engineering/development/performance-indicators/#past-due-security-issues
- https://about.gitlab.com/handbook/security/#due-date-on-security-issues
- https://internal.gitlab.com/handbook/engineering/fedramp-compliance/vulnerability-slas/
- https://about.gitlab.com/handbook/security/threat-management/vulnerability-management/#remediation-slas