Team members on the Vulnerability Research team normally have an area of focus where they spend most of their time. They have stable counterparts in development and product management in those areas of focus to stay aligned on direction across teams.
Team member | Area of focus | Dev stable counterpart(s) | PM stable counterpart(s) |
---|---|---|---|
Wayne Haber (Team Manager) | Team direction | Thomas Woodham | Hillary Benson |
Dinesh Bolkensteyn | Static Analysis, Composition Analysis | James Liu (Static Analysis), Fabien Catteau (Composition Analysis) | Connor Gilbert (Static Analysis), Samuel White (Composition Analysis) |
Isaac Dawson | Dynamic Analysis | Cam Swords | Derek Ferguson |
Michael Henriksen | Dynamic Analysis | Cam Swords | Derek Ferguson |
Julian Thome | Static Analysis, Composition Analysis | Vishwa Bhat (Static Analysis), Fabien Catteau (Composition Analysis) | Connor Gilbert (Static Analysis), Samuel White (Composition Analysis) |

GitLab Group: gitlab-org/secure/vulnerability-research

Slack Channels: #g_secure-vulnerability-research

Our mission is to advance GitLab's security offerings toward their long-term vision and to elevate GitLab's prominence in the security community. We do this by performing security research, working to improve the efficacy of GitLab's security capabilities, developing proofs of concept, publishing papers, speaking at conferences, and broadly sharing our security expertise and practical experience. You can follow updates to our brown-bag sessions and the GitLab blog (#security and #security-research tags).
Facilitate the secure stage achieving lovable maturity and supporting the best possible security assessment at the earliest possible moment.
Vulnerability Research is a research & development team. While we do not typically develop or maintain production features, our work directly impacts the product.
Our priorities are:
The vulnerability researcher's top priority is to support the engineering team, as needed, until the feature becomes available in GitLab. A secondary focus is to publish work publicly (blogs, talks, etc.) and file patent applications.