Home / Companies / GitLab / Blog / Post Details
Content Deep Dive

How we're creating a threat model framework that works for GitLab

Blog post from GitLab

Post Details
Company
Date Published
Author
Mark Loveless
Word Count
1,217
Company Posts That Month
13
Language
English
Hacker News Points
-
Post removed?
No
Summary

GitLab has adopted and adapted the PASTA framework for threat modeling to enhance its security processes across various departments while maintaining the simplicity and scalability needed in a remote, asynchronous work environment. Traditionally managed by security departments, threat modeling at GitLab now involves project teams directly, enabling them to create their own models using a customizable template, which they document in markdown files for later review by the security team. This approach empowers engineers to identify and address security issues early in the development process, thereby minimizing security team intervention and leading to more secure code. The integration of this modified framework has improved communication with non-security personnel and external stakeholders by using a common language, ensuring that discussions about security and risk are more accessible. This method not only streamlines the threat modeling process but also makes it more efficient, less time-consuming, and scalable, ultimately enhancing the overall security posture of GitLab's projects.

Trends Found in this Post

No tracked trend matches for this post yet.

Use This Data

Use this post, company, and trend context to find content marketing opportunities, perform competitive analysis, or address product feature gaps via the Plushcap MCP server or the Plushcap API.