How we made GitLab more secure in 2020
Blog post from GitLab
In 2020, GitLab made significant strides in strengthening its security program, culminating in the successful completion of its first SOC 2 Type 2 attestation, which underscored its commitment to enterprise-grade security. A comprehensive field security study informed the year's strategic security enhancements.

Initiatives in application security, infrastructure security, and bug bounty management helped reduce vulnerabilities and improve response times. The adoption of a next-generation SIEM from Panther Labs improved visibility and risk management, and a governance, risk, and compliance tool improved vendor reviews. GitLab also introduced the Customer Assurance Package to streamline customer security assessments and is advancing its Security Operational Risk Management program to proactively identify and mitigate risks.

The Security Automation team developed tooling to prevent accidental disclosure of AWS keys and introduced Package Hunter to enhance dependency scanning.

The bug bounty program reached notable milestones, including passing the million-dollar mark in total bounties paid and ranking sixth on HackerOne's 2020 Top Ten Public Bug Bounties list.

Looking to 2021, GitLab plans to continue strengthening its security features and services, pursue further compliance certifications, and maintain transparency through public documentation and community engagement.
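The post names tooling to stop AWS keys from being committed but does not describe how such a check works. The following is an added example, not GitLab's tool or any code from the post: a pre-commit style scanner that reads a unified diff, inspects only the lines a commit adds, and flags AWS access key IDs and secret access keys. The key formats are real (access key IDs are 20 characters, a 4-character prefix such as AKIA or ASIA followed by 16 base32 characters; secret access keys are 40 base64 characters), but the `secret-scan:ignore` marker, the diff sample, and the hook behaviour are this example's own assumptions.

```python
"""Flag AWS credentials on the added lines of a staged diff (example code, not GitLab's tool)."""
import re
import subprocess
import sys
from dataclasses import dataclass
from typing import List

# Long-lived IAM user keys start with AKIA, temporary STS keys with ASIA; the remaining
# 16 characters come from the base32 alphabet (A-Z, 2-7). Guard both ends so a longer
# identifier containing "AKIA..." is not matched by accident.
ACCESS_KEY_RE = re.compile(r"(?<![A-Z0-9])(AKIA|ASIA)[A-Z2-7]{16}(?![A-Z0-9])")

# Secret keys are 40 base64 characters, which is also true of many hashes and tokens, so
# only flag them when assigned to a variable that names them.
SECRET_KEY_RE = re.compile(
    r"(?i)aws[_\-]?secret[_\-]?access[_\-]?key\s*[:=]\s*['\"]?([A-Za-z0-9/+]{40})(?![A-Za-z0-9/+=])"
)

# Hypothetical allowlist marker for documented placeholders (this example's convention).
IGNORE_MARKER = "secret-scan:ignore"

# New-file start line of a hunk, e.g. "@@ -10,0 +11,3 @@" -> 11.
HUNK_RE = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")


@dataclass(frozen=True)
class Finding:
    path: str
    line_no: int
    kind: str       # "access_key_id" or "secret_access_key"
    redacted: str   # enough to locate the value without echoing the whole secret


def redact(value: str) -> str:
    """Keep the first and last four characters, mask the rest."""
    return value[:4] + "*" * (len(value) - 8) + value[-4:]


def scan_line(path: str, line_no: int, line: str) -> List[Finding]:
    if IGNORE_MARKER in line:
        return []
    out = [Finding(path, line_no, "access_key_id", redact(m.group(0)))
           for m in ACCESS_KEY_RE.finditer(line)]
    out += [Finding(path, line_no, "secret_access_key", redact(m.group(1)))
            for m in SECRET_KEY_RE.finditer(line)]
    return out


def scan_diff(diff_text: str) -> List[Finding]:
    """Scan only '+' lines of a unified diff (e.g. `git diff --cached -U0`), so the hook
    reports what this commit introduces rather than everything already in history."""
    findings: List[Finding] = []
    path, new_line = "?", 0
    for raw in diff_text.splitlines():
        if raw.startswith("+++ "):
            path = raw[4:]
            if path.startswith("b/"):
                path = path[2:]
            continue
        m = HUNK_RE.match(raw)
        if m:
            new_line = int(m.group(1))
            continue
        if raw.startswith("+"):
            findings.extend(scan_line(path, new_line, raw[1:]))
            new_line += 1
        elif not raw.startswith("-"):
            new_line += 1   # context line also advances the new-file line counter
    return findings


# Constructed sample diff: one real-format key pair (AWS's documented example values),
# a false-positive candidate, and an allowlisted placeholder.
SAMPLE_DIFF = """\
diff --git a/config/settings.py b/config/settings.py
--- a/config/settings.py
+++ b/config/settings.py
@@ -10,0 +11,3 @@ DEBUG = False
+AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
+AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
+BUILD_TAG = "ASIA" + "-region-build"
diff --git a/README.md b/README.md
--- a/README.md
+++ b/README.md
@@ -1 +1 @@
-Old text
+Export AKIAXXXXXXXXXXXXXXXX as a placeholder  # secret-scan:ignore
"""


def main() -> int:
    """Pre-commit entry point: non-zero exit blocks the commit when a key is found."""
    diff = subprocess.run(["git", "diff", "--cached", "--unified=0", "--no-color"],
                          capture_output=True, text=True, check=True).stdout
    findings = scan_diff(diff)
    for f in findings:
        print(f"{f.path}:{f.line_no}: possible AWS {f.kind}: {f.redacted}", file=sys.stderr)
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main())
```

Run against `SAMPLE_DIFF`, `scan_diff` returns exactly two findings, both in `config/settings.py` (lines 11 and 12); the `ASIA` fragment and the allowlisted placeholder are not reported. Scanning added lines only keeps the hook fast and avoids failing every commit in a repository that already has an old key in history, which is a separate remediation (rotate the key, then purge it) rather than a pre-commit problem.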