Improved escalation process for overdue issues with certain labels
Problem to solve
The Security team is currently testing out an escalation engine for gitlab-ce issues: https://gitlab.com/gitlab-com/gl-security/engineering/issues/446. The intent for the escalation engine is twofold:
- Help to drive ownership and accountability for security vulnerabilities
- Integrate this functionality into GitLab issues for customers who want to use escalation engines for their security vulnerability issues.
Security has reported that multiple customers are requesting the same thing, so we should make this a product feature.
Intended users
Any user that uses GitLab Issues to track mitigation/closure of the issue for KPI/metrics.
Further details
See https://gitlab.com/gitlab-com/gl-security/engineering/issues/446 for further details.
Proposal
We could implement a special escalation process for overdue issues based on some criteria (i.e., for us, ones that have the security label, but other customers may use different labels).
Permissions and Security
Documentation
Testing
What does success look like, and how can we measure that?
Links / references
cc @kathyw
Edited by Kathy Wang