Team members on the Vulnerability Research team normally have an area of focus where they spend most of their time. They have stable counterparts in development and product management in those areas of focus to stay aligned on direction across teams.
| Team member | Area of focus | Dev stable counterpart(s) | PM stable counterpart(s) |
|---|---|---|---|
| Dinesh Bolkensteyn | Static Analysis, Composition Analysis | Vishwa Bhat (Static Analysis), Fabien Catteau (Composition Analysis) | Connor Gilbert (Static Analysis), Sara Meadzinger (Composition Analysis) |
| Isaac Dawson | Static Analysis, Dynamic Analysis | Vishwa Bhat (Static Analysis), Cam Swords (Dynamic Analysis) | Sara Meadzinger (Dynamic Analysis), Connor Gilbert (Static Analysis) |
| Julian Thome | Static Analysis, Composition Analysis | Vishwa Bhat (Static Analysis), Fabien Catteau (Composition Analysis) | Connor Gilbert (Static Analysis), Sara Meadzinger (Composition Analysis) |
| Michael Henriksen | Dynamic Analysis | Cam Swords (Dynamic Analysis) | Sara Meadzinger (Dynamic Analysis) |
| Wayne Haber (Team Manager) | Team direction | Thomas Woodham | Sarah Waldner |
Our mission is to advance GitLab's security offerings toward their long-term vision and to elevate GitLab's prominence in the security community. We do this by performing security research, working to improve the efficacy of GitLab's security capabilities, developing proofs of concept, publishing papers, speaking at conferences, and broadly sharing our security expertise and practical experience. You can follow updates to our brown-bag sessions and the GitLab blog (#security and #security-research tags).
Facilitate the secure stage achieving lovable maturity and supporting the best possible security assessment at the earliest possible moment.
Vulnerability Research is a research & development team. While we do not typically develop or maintain production features, our work directly impacts the product.
Our priorities are:
group::vulnerability research label on gitlab-org/gitlab issues as our SSOT
The vulnerability researcher’s top priority is, as needed, to support the engineering team until the feature becomes available in GitLab. A secondary focus is to publish things publicly (blogs, talks, etc.) and file patent applications.