Security terms

Problem to solve: The word 'security' can have many connotations for us. We can create confusion and lack of clarity without a common approach to its use.

Proposal: create a lexicon to distinguish the use of 'security' in various contexts.

  1. GitLab is a Secure Application (used as an adjective, like "GitLab is scalable, open, etc."). @kathyw and her team manage the people, processes and technology that secure the GitLab software; this may include SAST and DAST, but also includes security policies (like using Macs), our own Security Controls, configurations, monitoring of GitLab in production, vulnerability management, etc.
  2. GitLab helps our customers Secure and Manage all of the phases of the SDLC (Create, Plan, etc.). The image for this is the infinity with Secure as a horizontal bar below it. https://about.gitlab.com/handbook/product/categories/ To deliver secure applications, customers use GitLab Security Controls throughout the SDLC and Security Testing in validation. Eventually, GitLab will enable vulnerability prioritization for planning and Security Monitoring in production.
    a. Security Testing is a capability or feature of GitLab, typically used in the Verify phase. It includes SAST and DAST, container scanning and dependency scanning (@plafoucriere, @bikebilly and team).
    b. Security Controls are capabilities of GitLab that together give GitLab customers auditability of code throughout the SDLC. (This is NOT SAST/DAST.) GitHub describes theirs here: https://docs.google.com/document/d/1s5RIE8hFaMdoBqrnLVlnbuxDUQfZd1kYjduVOZCWIKE/edit?usp=sharing
    • Enforce security policies without interrupting your workflow
    • Complete change log for auditing
    • Two-factor authentication (2FA) for added access control
    • Automated security scanning during verification
Edited by Cindy Blake