Gitlab hero border pattern left svg Gitlab hero border pattern right svg

VUL.7.01 - Vulnerability Remediation Control Guidance

On this page

VUL.7.01 - Vulnerability Remediation

Control Statement

GitLab assigns a risk rating to identified vulnerabilities and prioritizes remediation of legitimate vulnerabilities according to the assigned risk.

Context

It is not reasonable for GitLab to patch 100% of vulnerabilities every day so we need a method to prioritize the remediation. Since the goal of this remediation is to reduce to the risk to the organization, we should perform this prioritization by risk which starts with assigning risk to vulnerabilities as they are identified. This prioritization and remediation is among the best way to reduce risk to GitLab's customers and reputation since unresolved vulnerabilities are among the most common attacks to organizations.

Scope

This control applies to all production systems running GitLab's SaaS product.

Ownership

TBD

Implementation Guidance

For detailed implementation guidance relevant to GitLab team-members, refer to the full guidance documentation.

For all reference links relevant to this control, refer to the full guidance documentation.

Examples of evidence an auditor might request to satisfy this control

For examples of evidence an auditor might request, refer to the full guidance documentation.

Framework Mapping