Gearing ratios are used as Business Drivers to forecast long-term financial goals by function.
The gearing ratio for bug bounty expenditure is as follows:
An illustration: GitLab is worth 3.5 billion and a significant compromise can cost GitLab $35 million. A 10% ratio = $3.5 million budget. Likewise, 1% of budget = $35,000 top reward.
The approximate monthly budget should be set at the total budget divided by 12. It should be understood that our bug bounty payouts are largely unpredictable and fluctuate based on the following:
This gearing ratio is owned by the Security Engineering and Research Sub-department. The cost of a compromise should be re-evaluated at least annually based on the average market cap of GTLB over the previous 6 months.
SIRT is the sole carrier of the Security On-Call (SEOC) rotation, which ensures that there's a page-able Security Engineer 24/7/365. The baseline and gearing ratio for the size of the SIRT have been agreed on as outlined below:
This gearing ratio is owned by the Security Operations Sub-department.