Q3 KR: Create a business case and design mocks addressing usability deficiencies in 1 cross-product workflow to present to leadership
KR: Create a business case and design mocks addressing usability deficiencies in 1 cross-product workflow to present to leadership
KR: Ally link
Participants
| Role | Team member | |
|---|---|---|
| DRI | @andyvolpe | Orchestrate effort, keep the team on track, communication of efforts progress |
| Design lead | @mfangman | Responsible for design and solution validation deliverables |
| Research lead | @moliver28 | Responsible for research deliverables |
| Create stage collaborator | @pedroms (@mvanremmerden @annabeldunstone while Pedro is on parental leave) | Helps align effort with the MR restructuring effort |
| Cross-stage collaborator | ||
| PM Support | ||
| Design team support | @gitlab-com/gitlab-ux/secure-protect-ux | Design reviews/ideation as necessary |
Cross-stage flow
Managing security & code quality results in the MR
JTBD
When I'm making changes, I want to deliver secure and performant code, so I can ensure the integrity of my organization's software is not compromised.
Steps & Timeframes (Approx.)
Definition Week 1 - 2
-
Identify cross-stage flow -
Identify participants -
Source past research
Discovery Week 2 - 6
-
Scope the problem area - mural -
Understand usability problems, and user challenges, needs, outcomes - Mural and Parallel research issue -
Analyze top competitors in the space - Mural - Issue link
Solution Week 7 - 12
-
Create designs solving for documented usability gaps & needs | -
Conduct solution validation research on proposed designs |
Business case Week 10 - 12
-
Create a business case for the proposed validated solution | -
Schedule and present business case to leadership | Date: Nov, 15th
Related research
- Foundational research for Secure: focusing on developer engagement
- Ops product direction survey
- Understand needs and goals of Code Quality users
- UX Scorecard: Interacting with vulnerabilities in the MR
- Solution Validation: MR Security UX
Relevant industry information
- OWASP DevSecOps Guideline - v-0.2
- NIST Secure Software Development Framework
-
🔒 Gartner 2022 Magic Quadrant: Application Security Testing -
🔒 Gartner 12 Things to Get Right for Successful DevSecOps -
🔒 DevSecOps: How to seamlessly integrate Security into DevOps -
🔒 Critical capabilities for Application Securtiy Testing -
🔒 Hype Cycle for Application security, 2022 {pg 87, 93}
Related & Past design work:
Considerations
Edited by Andy Volpe