Improved escalation process for overdue issues with certain labels
Problem to solve
Security team is currently testing out escalation engine for gitlab-ce issues: gitlab-com/gl-security/engineering#446. The intent for the escalation engine is twofold:
- Help to drive ownership and accountability for security vulnerabilities
- Integrate this functionality into GitLab issues for customers who want to use escalation engines for their security vulnerability issues.
Security has reported that multiple customers are requesting the same thing, so we should make this a product feature.
Any user that uses GitLab Issues to track mitigation/closure of the issue for KPI/metrics.
See gitlab-com/gl-security/engineering#446 for further details.
We could implement a special escalation process for overdue issues based on some criteria (i.e., for us, ones that have the security label, but other customers may use different labels.)
Permissions and Security
What does success look like, and how can we measure that?
Links / references