⚠️ Pilot: Consider User-centric categories for Secure

Outcome:

⚠ There still remains a need to talk externally about our security features as tools and not as experiences. It's a nuance of the security industry and changing the way we categorize today could have unexpected outcomes especially with the Forrester Wave Report. ☑ Discussion has begun around adding better definitions to our product categories.

---

Problem:

Planning and creating strategies to improve the user experience is difficult due to how we as an organization classify our categories today.

Background

Our category maturity model is designed to compare our offerings against what is offered by competitors for a certain category and stage group.

These categories don't always align with the experiences we are benchmarking, testing and creating, leaving a gap between how the UX department plans and strategizes and how the rest of the org plans and strategizes.

Example:

SAST a testing tool for detecting vulnerabilities exists as a job inside a pipeline. This category slated to be lovable by Q1 for Secure.

Lovable by our definition means: Provides an elevated user experience that customers love.

There is a disconnect between designing the experience of testing and scanning a commit and how well SAST preforms and is supported as an individual tool.

Current categories: https://about.gitlab.com/stages-devops-lifecycle/secure/

Category maturity plan: https://about.gitlab.com/direction/maturity/

Solution

How might we categorize experiences, features, and tools -within a stage group- that is inclusive to both today's maturity model and the benchmarking efforts of the UX department?