@@ -154,7 +154,7 @@ We plan in monthly cycles in accordance with our [Product Development Timeline](
- We try to plan 1-2 Milestones ahead, we include a max of 2 planning issues (`workflow::planning breakdown` and `workflow::solution validation`) per person at the start of a Milestone, this is a rule of thumb.
- When a planning issue is included in a Milestone it is also assigned to team members. This is to provide clarity on what and who is doing what planning in the Milestone.
- By the 20th, Product should review the release that just concluded development (currently, we transition development work from one release to the next on the 18th) for issues that slipped from the milestone. Please evaluate issues that weren't merged in time and reschedule them appropriately.
- Identify any issues which may have security implications, and ping the [Application Security Stable Counterpart](/handbook/security/product-security/security-platforms-architecture/application-security/stable-counterparts/) and/or [request an Application Security Review](/handbook/security/product-security/security-platforms-architecture/application-security/appsec-reviews/#adding-features-to-the-queue--requesting-a-security-review). The Product Manager will list these in the planning issue.
- Identify any issues which may have security implications, and [request an Application Security Review](/handbook/security/product-security/security-platforms-architecture/application-security/appsec-reviews/#adding-features-to-the-queue--requesting-a-security-review). The Product Manager will list these in the planning issue.
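Review bot: The replacement "Identify any issues which may have security implications" bullet leaves requesting an Application Security Review as the only action for every issue that "may have security implications", where the earlier wording allowed a lighter-weight ping ("and/or"). Consider saying when a full review request is warranted and where smaller questions should go, for example the `#security_help` channel referenced elsewhere in this change, so the review queue is not the default for every borderline issue. The bullet also does not say who does the identifying; only the listing step is assigned to the Product Manager.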
@@ -697,7 +697,7 @@ Open merge requests may also have other properties that indicate that the engine
## Security is everyone's responsibility
[Security](https://about.gitlab.com/security/) is our top priority. Our Security Team is raising the bar on security every day to protect users' data and make GitLab a safe place for everyone to contribute. There are many lines of code, and Security Teams need to scale. That means shifting security left in the [Software Development LifeCycle (SDLC)](https://about.gitlab.com/stages-devops-lifecycle/). Each team has an [Application Security Stable Counterpart](/handbook/security/product-security/security-platforms-architecture/application-security/stable-counterparts/) who can help you, and you can find more secure development help in the `#security_help` Slack channel.
[Security](https://about.gitlab.com/security/) is our top priority. Our Security Team is raising the bar on security every day to protect users' data and make GitLab a safe place for everyone to contribute. There are many lines of code, and Security Teams need to scale. That means shifting security left in the [Software Development LifeCycle (SDLC)](https://about.gitlab.com/stages-devops-lifecycle/). You can find more secure development help in the `#security_help` Slack channel.
Being able to start the security review process earlier in the software development lifecycle means we will catch vulnerabilities earlier, and mitigate identified vulnerabilities before the code is merged. You should know when and how to proactively [seek an Application Security Review](/handbook/security/product-security/security-platforms-architecture/application-security/appsec-reviews/). You should also be familiar with our [Secure Coding Guidelines](https://docs.gitlab.com/ee/development/secure_coding_guidelines.html).
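Review bot: In the rewritten "Security is our top priority" paragraph, the last sentence now reads "You can find more secure development help in the `#security_help` Slack channel", but the sentence that "more" referred back to (the stable counterpart "who can help you") is gone. Suggest "You can find secure development help in the `#security_help` Slack channel." It would also help to state here who a team should contact first, since the paragraph that follows only covers the formal review process.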
-[Overview of a project member permissions](https://gitlab.com/help/user/permissions)
-[The DevOps stages and their different groups](/handbook/product/categories/). This page contains information on the development teams, their areas of focus, and their team members as well as the AppSec stable counterparts. It is used to assign issues to the stable counterparts.
-[The DevOps stages and their different groups](/handbook/product/categories/). This page contains information on the development teams, their areas of focus, and their team members.
-[The product features listed by groups that own them](/handbook/product/categories/features/)
-[List of merged security issues in `gitlab-org`](https://gitlab.com/groups/gitlab-org/-/merge_requests?scope=all&state=merged&label_name[]=security&milestone_title=%23upcoming). **Note:** It can include results from the security mirror `gitlab-org/security/`.
-[Application Security KPIs & Other Metrics Dashboard (internal)](https://10az.online.tableau.com/#/site/gitlab/views/appsectest2rawdata/AppSec-ApplicationandContainerVulnerabilityDashboard?:iid=4), including Embedded KPIs which can be filtered by section, stage, or group.
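Review bot: The shortened description of "The DevOps stages and their different groups" drops the sentence "It is used to assign issues to the stable counterparts", so this resource list no longer tells readers how a security issue gets routed to an owner. If routing now goes through the Application Security Review request, link that page from this list; also confirm that the linked categories page no longer lists AppSec stable counterparts, so that this description and the page agree.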
@@ -133,7 +132,6 @@ The list above is not exhaustive and is subject to be modified as our processes