Add vulnerability metrics to show customer adoption and overall security trends

Problem to solve

Add metrics to show the value of the vulnerability feature to customers, prospects, employees, and security practitioners.

Intended users

Further details

Track cross-customer metrics for first-class vulnerabilities so that we and our customers can:

  • Know the adoption of the first-class vulnerability feature so customers, prospects, and employees can become confident in it
  • Know the top trends in vulnerabilities tracked as first-class vulnerabilities so that security practitioners (customers and prospects) can be better informed about vulnerability security trends

Proposal

Adoption - publish in Periscope and add to a page under the defend group (public):

  • Number of customers with >=1 vulnerability tracked (monthly) - customers tracking vulnerabilities in GitLab
  • Number of customers with >=1 vulnerability updated (monthly) - customers working vulnerabilities in GitLab
  • Total vulnerabilities tracked (monthly)

Security trends - publish in Periscope and add to a page under the defend group (public). Publish a quarterly blog post on the trends observed and recommendations for customers based on those trends.

  • Number of added vulnerabilities by count and by number of unique customers (monthly) - vulnerability trends

Permissions and Security

  • This data will be public. Question: Do we want to make the adoption statistics public?
  • We will not collect data from self-hosted customers.
  • We will not display any customer-specific data.

Documentation

TBD

Availability & Testing

TBD

What does success look like, and how can we measure that?

  • The metrics are available in new handbook pages

What is the type of buyer?

TBD

Links / references

cc @matt_wilson @plafoucriere @cblake @david @tstadelhofer

Edited by Wayne Haber