Security Division Maturity Models
Overview
Our maturity models track specific states and behaviors of our teams over time. This gives us a roadmap to deliver better outcomes with increased efficiency.
Process
Following our sub-values of dogfooding and adopting boring solutions, the process to create and maintain our maturity models is based on GitLab features only.
Each team of the Security Division should maintain their own maturity models.
Tooling
Maturity models leverage Issue Boards to organise and track progress on the various processes. These issue boards are located in projects under the team GitLab group in https://gitlab.com/gitlab-com/gl-security/ (for example: https://gitlab.com/gitlab-com/gl-security/threatmanagement/redteam/redteam-internal/red-team-maturity-model/ for the Red Team).
Each process of the maturity model is presented by an issue with a short title and a longer description.
Issue labels are used to define the current level and state of the process.
Labels
Maturity levels
The ~Maturity Level::* label reflects the level of the process and is mandatory.
There are five levels defined along the continuum of the model (see the “Capability Maturity Model” wikipedia page for more details):
~Maturity Level::Initial (1)~Maturity Level::Repeatable (2)~Maturity Level::Defined (3)~Maturity Level::Capable (4)~Maturity Level::Efficient (5)
These labels must use the color #6699cc (blue) for consistency.
Progress labels
The ~Maturity::* label reflects the current state of the process and is optional when activity hasn’t started yet:
~Maturity::In Progress: The team is actively working to achieve this state or behavior. Color:#6699cc(blue)~Maturity::Replaced: This state or behavior was previously achieved, but has since been replaced in later maturity level. Color:#8fbc8f(green)~Maturity::Established: This state or behavior has been achieved, and is still being improved and applied. Color:#009966(dark green)
Resources
7db9c423)
