Commit 5fbfa62b authored by Mek Stittri

Added severity guidelines for security

parent 3394d953
...@@ -210,21 +210,21 @@ This label documents the planned timeline & urgency which is used to measure aga ...@@ -210,21 +210,21 @@ This label documents the planned timeline & urgency which is used to measure aga
| Label | Meaning | Estimate time to fix | Guidance | | Label | Meaning | Estimate time to fix | Guidance |
|-------|-----------------|------------------------------------------------------------------|----------| |-------|-----------------|------------------------------------------------------------------|----------|
| ~P1 | Immediate | Immediate hotfix to production | This would normally correspond to a S1 severity below | | ~P1 | Immediate | Immediate hotfix (outside of the normal release process) | This would normally correspond to a S1 severity below |
| ~P2 | Urgent Priority | The current release | | | ~P2 | Urgent Priority | The current release | |
| ~P3 | High Priority | The next release | | | ~P3 | High Priority | The next release after the current release | |
| ~P4 | Medium Priority | Within the next 3 releases (1 quarter duration) | | | ~P4 | Medium Priority | Within the next 3 releases (approx one quarter) | |
| ~P5 | Low Priority | Anything outside the next 3 releases (the next quarter duration) | The issue is prominent but does not impact user workflow and a workaround if any is well documented | | ~P5 | Low Priority | Anything outside the next 3 releases (approx beyond one quarter) | The issue is prominent but does not impact user workflow and a workaround is documented |
#### Team specific priority guidance #### Specific Priority guidance
| Label | Availability / Performance | Security | | Label | Availability / Performance |
|-------|--------------------------------------------------------------|----------| |-------|--------------------------------------------------------------|
| ~P1 | | | | ~P1 | |
| ~P2 | The issue is (almost) guaranteed to occur in the near future | | | ~P2 | The issue is (almost) guaranteed to occur in the near future |
| ~P3 | The issue is likely to occur in the near future | | | ~P3 | The issue is likely to occur in the near future |
| ~P4 | The issue _may_ occur but it's not likely | | | ~P4 | The issue _may_ occur but it's not likely |
| ~P5 | | | | ~P5 | |
### Bug Severity labels (~S1, ~S2, ~S3 & etc.) ### Bug Severity labels (~S1, ~S2, ~S3 & etc.)
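Review bot: In the "Specific Priority guidance" table, the ~P1 and ~P5 rows keep an empty Availability / Performance cell now that the Security column is dropped, so the table gives guidance for ~P2 to ~P4 only. Either fill those two cells or remove the rows and state that the general priority table above applies to them. The renamed heading also mixes case ("Specific Priority guidance"), where the heading it replaces was sentence case.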
...@@ -237,6 +237,15 @@ Severity labels help us clearly communicate the impact of a ~bug on users. ...@@ -237,6 +237,15 @@ Severity labels help us clearly communicate the impact of a ~bug on users.
| ~S3 | Major Severity | Broken Feature, workaround acceptable | Can create merge requests only from the Merge Requests page, not through the Issue. | | ~S3 | Major Severity | Broken Feature, workaround acceptable | Can create merge requests only from the Merge Requests page, not through the Issue. |
| ~S4 | Low Severity | Functionality inconvenience or cosmetic issue | Label colors are incorrect / not being displayed. | | ~S4 | Low Severity | Functionality inconvenience or cosmetic issue | Label colors are incorrect / not being displayed. |
#### Specific Severity guidance
| Label | Security Impact |
|-------|-------------------------------------------------------------------|
| ~S1 | >50% customers impacted (possible company extinction level event) |
| ~S2 | Multiple customers impacted (but not apocalyptic) |
| ~S3 | A single customer impacted |
| ~S4 | No customer impact, or expected impact within 30 days |
### Label for community contributors (~"Accepting Merge Requests") ### Label for community contributors (~"Accepting Merge Requests")
Issues that are beneficial to our users, 'nice to haves', that we currently do Issues that are beneficial to our users, 'nice to haves', that we currently do
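Review bot: The ~S4 row, "No customer impact, or expected impact within 30 days", can be read two ways: impact that is expected to occur within 30 days, or no impact expected for 30 days. On the first reading an imminent impact would get the lowest severity, so the row should be reworded to say which is meant. The ~S1 and ~S2 rows also overlap, since ">50% customers impacted" is a case of "Multiple customers impacted"; giving ~S2 an upper bound (more than one customer, up to 50%) would make the labels mutually exclusive.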
......