
How we made GitLab more secure in 2020

Blog post from GitLab

Author: Johnathan Hunt
Word count: 1,575
Language: English
Summary

In 2020, GitLab made significant strides in strengthening its security program, culminating in the completion of its first SOC 2 Type 2 attestation, which demonstrated its commitment to enterprise-grade security. A comprehensive field security study informed the year's strategic security enhancements, while initiatives in application security, infrastructure security, and bug bounty management reduced vulnerabilities and improved response times.

On the operational side, GitLab adopted a next-generation SIEM from Panther Labs to improve visibility and risk management, and implemented a governance, risk, and compliance (GRC) tool to improve vendor security reviews. It also introduced the Customer Assurance Package to streamline customer security assessments and is building out a Security Operational Risk Management program to identify and mitigate risks proactively. The Security Automation team developed tooling to prevent accidental disclosure of AWS keys and introduced Package Hunter to enhance dependency scanning.

The bug bounty program reached notable milestones, including passing the million-dollar mark in total bounties paid and ranking sixth on HackerOne's 2020 Top Ten Public Bug Bounties list. Looking to 2021, GitLab plans to continue strengthening its security features and services, pursue further compliance certifications, and maintain transparency through public documentation and community engagement.
