Security

Implementing change in an already working environment always brings its fair share of growing pains. What happens when that change is Zero Trust?

You talked. We listened. Quicker bug bounty payouts and we're holding a contest for our hackers!

How we’re defining and aligning data zones in our Zero Trust implementation.

The classification of data is a huge step in the right direction when it comes to handling Zero Trust, but it comes with its own set of challenges.

An example of how to automate instrumented fuzzing with American Fuzzy Lop using pipelines.

We map out our Zero Trust goals, the challenges we expect to encounter along the way, and how we plan to address them.

Six months into our public bug bounty program, we're taking stock of what's working and where we can make improvements.

We’ve implemented and adapted an open source compliance framework. Now we're sharing our process and tools so you can adapt and customize it too.

What are the challenges and rewards of working security for a growing, cloud native company? We grill one of our senior security engineers.

What’s it like working day and night to kill spam, Bitcoin mining, malware and more? Meet our security team.

Where does today's tech transformation leave tomorrow's security compliance? A senior security analyst tackles the question.

What’s it like working to secure one of the most transparent organizations in the world? Meet our security team.

Independent vs aggregate? Determining the most effective security controls approach for any organization has many considerations.

Four months since going public with our bug bounty program, we dive into where we’re at, what success looks like, and what to expect down the road.

How I learned to iterate quickly during my first week at GitLab.