Feb Security KPI Updates 2
Why is this change being made?
- SecAssurance:
  - Minor reasons updates applied
- SecOps:
  - Minor reasons updates applied
- SecEng:
  - Changed the title of the "Age of current open vulnerabilities by severity" to "Age of current open application and container vulnerabilities by severity"
  - Updated the AppSec - Application and Container Vulnerability Dashboard to reflect current status for January and February
- Threat Management:
  - No updates
- Additional Notes:
  - Removed Parent references to Engineering KPIs and standardized confidential health for confidential K/PIs
  - Removed the Security Department MR Rate PI as proposed during the January 2023 Security Key Review: https://about.gitlab.com/handbook/security/performance-indicators/#security-mr-rate
  - !119495 (merged) We are no longer tracking location factor and can remove the following PIs:
    - New Hire Average Location Factor
    - Average Location Factor
Author Checklist
- Provided a concise title for this Merge Request (MR)
- Added a description to this MR explaining the reasons for the proposed change, per say why, not just what
  - Copy/paste the Slack conversation to document it for later, or upload screenshots. Verify that no confidential data is added, and the content is SAFE
- Assign reviewers for this MR to the correct Directly Responsible Individual/s (DRI)
  - If the DRI for the page/s being updated isn’t immediately clear, then assign it to one of the people listed in the Maintained by section on the page being edited
  - If your manager does not have merge rights, please ask someone to merge it AFTER it has been approved by your manager in #mr-buddies
  - The when to get approval handbook section explains the workflow in more detail
- If the changes affect team members, or warrant an announcement in another way, please consider posting an update in #whats-happening-at-gitlab linking to this MR
  - If this is a change that directly impacts the majority of global team members, it should be a candidate for #company-fyi. Please work with internal communications and check the handbook for examples.
Edited by Julia Lake