**Hypothesis:** Using GitLab Duo's Vulnerability Resolution will decrease the amount of time to resolve a found vulnerability, leading to an increased rate of vulnerabilities resolved and a decrease in total open vulnerabilities over time. Additionally, we can quantify the time saved using vulnerability resolution vs. not using it. **Important risk to be aware of:** If we expose these metrics to customers and there is no change in vulnerability resolution time when using vulnerability resolution, it will potentially negatively impact sales and adoption of GitLab Duo Enterprise. We can measure the impact of Vulnerability Resolution with the following metrics: * **Resolved Vulnerabilities:** Count of resolved vulnerabilities over `[insert period]` * **Mean Time To Resolve (MTTR):** The average time to resolve a vulnerability over `[insert period]` * Start event: Vulnerability is first recorded * End event: Vulnerability status = resolved * **Vulnerability Resolution MTTR (VRMTTR):** The average time to resolve a vulnerability with vulnerability resolution over `[insert period]` * Start event: Vulnerability is first recorded * Middle event: Explain with AI or resolve with AI is selected * End event: Vulnerability status = resolved * Display in time and % change from vulnerability lead time * **Vulnerabilities resolution utilization:** Percentage (%) of vulnerabilities resolved with the Vulnerability resolution AI feature over `[insert period]` * `count vulnerabilities resolved with VR / count of total vulnerabilities resolved` * **Vulnerability Resolution Time Saved:** Approximate hours/days saved by using vulnerability resolution * `(vulnerability lead time (avg) - vulnerability resolution lead time (avg)) * count of vulnerabilities resolved with vulnerability resolution` * **Vulnerability resolution unique users** over `[insert period]` * Count of returning users (unique user has used vulnerability resolution previously) * Count of new users (this is the first time the user has used vulnerability resolution in `[insert period]`) Validation was done to \~6 customers, and they resonated well. ## Iteration Path - [ ] MVC1: https://gitlab.com/gitlab-org/gitlab/-/issues/486466+s - [ ] MVC2: https://gitlab.com/gitlab-org/gitlab/-/issues/486467+s - [ ] MVC3: `Mean Time To Resolve (MTTR)` + `Vulnerability Resolution MTTR (VRMTTR)` - [ ] MVC4: `Vulnerabilities resolution utilization` - [ ] MVC5: `Vulnerability Resolution Time Saved`