[{"data":1,"prerenderedAt":1082},["ShallowReactive",2],{"/en-us/the-source/security/security-its-more-than-culture-addressing-the-root-cause-of-common-security/":3,"footer-en-us":51,"the-source-banner-en-us":357,"the-source-navigation-en-us":369,"the-source-newsletter-en-us":397,"article-site-categories-en-us":408,"security-its-more-than-culture-addressing-the-root-cause-of-common-security-article-hero-category-en-us":410,"security-its-more-than-culture-addressing-the-root-cause-of-common-security-the-source-gated-asset-en-us":433,"security-its-more-than-culture-addressing-the-root-cause-of-common-security-category-en-us":449,"security-its-more-than-culture-addressing-the-root-cause-of-common-security-the-source-resources-en-us":461,"security-its-more-than-culture-addressing-the-root-cause-of-common-security-article-hero-author-en-us":492},{"_path":4,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"config":8,"seo":15,"content":19,"type":43,"slug":44,"category":5,"_id":45,"_type":46,"title":7,"_source":47,"_file":48,"_stem":49,"_extension":50},"/en-us/the-source/security/security-its-more-than-culture-addressing-the-root-cause-of-common-security","security",false,"",{"layout":9,"template":10,"articleType":11,"author":12,"featured":13,"gatedAsset":14},"the-source","TheSourceArticle","Regular","josh-lemos",true,"application-security-in-the-digital-age",{"title":16,"description":17,"ogImage":18},"Addressing the root cause of common security frustrations","Security frustrations are often framed as a cultural issue — but leaders also need to focus on issues like tech stack complexity and vulnerability management.","https://res.cloudinary.com/about-gitlab-com/image/upload/v1751464489/mragusmxl1wz8ozdaoml.png",{"title":16,"date":20,"description":17,"timeToRead":21,"heroImage":18,"keyTakeaways":22,"articleBody":26,"faq":27},"2024-10-29","5 min read",[23,24,25],"The shift to authenticated scanning in vulnerability management heightens effectiveness but may divert engineering efforts towards non-critical tasks, creating a division between security and engineering teams.","A minimalist approach to software development can minimize dependencies, reduce scanner noise, and lighten the developer's load, contributing to improved software security.","Adopting a \"paved roads\" approach, which involves tested and assured design patterns based on repeatable use cases, can reduce the burden on engineering teams and increase security.","This year, GitLab’s [annual survey of DevSecOps professionals](https://about.gitlab.com/developer-survey/) uncovered several issues related to organizational culture that could be preventing deeper alignment between engineering and security teams. A majority (58%) of security respondents said they have difficulty getting development to prioritize remediation of vulnerabilities, and 52% reported that red tape often slows their efforts to quickly fix vulnerabilities. In addition, security respondents pointed to several specific frustrations related to their jobs, including difficulty understanding security findings, excessive false positives, and testing happening late in the software development process.\n\n[DevSecOps](/topics/devsecops/) promises better integration between engineering and security, but it’s clear that frustrations and misalignment persist. That’s because these challenges are symptoms of a larger problem with how organizations view security, as well as how teams work together and how they allocate time to security.\n\n## Escaping the vulnerability hamster wheel\n\nVulnerability scanning surfaces all potential vulnerabilities - however, just because a software package has a common vulnerability or exposure (CVE) doesn’t mean it’s reachable or exploitable. Security teams and developers alike are still triaging and filtering through vulnerability findings that have grown exponentially over the years since authenticated vulnerability scanning became the norm.\n\nThe move to authenticated scanning has improved the effectiveness of security programs in many ways, but it’s also put developers on an endless hamster wheel of fixing things that don’t matter. When teams waste their efforts on patches that don’t address an exploitable vulnerability, they are diverted from more critical tasks, such as patching vulnerable and exploitable flaws. That’s the source of much of the division between security and engineering teams today.\n\nSo, how can organizations address the root cause of these issues and promote better integration between engineering and security? Here are three ways to prevent common security frustrations at the source.\n\n### 1. Silence the noise, focus on actionable high-fidelity signals\n\nExcessive false positives were the second highest rated frustration identified by security respondents in our survey. False positives are clearly a challenge, but they are often a vulnerability management problem in disguise.\n\nIf an organization sees many false positives, that could be a sign that they haven’t done all they can to ensure their security findings are high-fidelity. Organizations should narrow the focus of their security efforts to what matters. That means traditional static application security testing (SAST) solutions are likely insufficient. SAST is a powerful tool but loses much of its value if the results are unmanageable or lack appropriate context. For SAST to be most effective, it must be used [seamlessly with other security and development tools and be accessible to developers](https://about.gitlab.com/blog/oxeye-joins-gitlab-to-advance-application-security-capabilities/).\n\nAnother issue is that most scanning tools have a very narrow context window for understanding vulnerability findings. This is one of the areas where AI can help with [AI-powered features that explain security vulnerabilities](https://about.gitlab.com/the-source/ai/understand-and-resolve-vulnerabilities-with-ai-powered-gitlab-duo/).\n\n### 2. Minimize the tech stack, minimize the attack surface\n\nStaying focused on what matters doesn’t just apply to security testing - it should start with how an organization builds software in the first place.\n\nAlthough AI promises to help simplify software development processes, [our survey suggests that many organizations still have a long road ahead](https://about.gitlab.com/the-source/platform/3-surprising-findings-from-our-2024-global-devsecops-survey/). In fact, respondents who are using AI were significantly more likely than those not using AI to want to consolidate their toolchain, suggesting that the proliferation of different point solutions running different AI models could be adding complexity, not taking it away.\n\nThe ever-increasing complexity of organizations’ tech stacks is a major contributor to security frustrations. Some complexity is unavoidable when building large, multi-faceted software systems. However, organizations should take steps to avoid complexity resulting from suboptimal design decisions, such as difficult-to-maintain code and redundant dependencies. This unnecessary complexity creates a larger attack surface and generates more security scan findings for teams to sort through, prioritize, and address.\n\nOrganizations should approach development through the lens of software minimization - that is, being intentional about the tools they adopt and what they decide to build into their codebases. This will help minimize dependencies, improve the security of the software supply chain, reduce scanner noise, and ease the burden on developers to fix non-critical issues.\n\n### 3. Normalize paved roads\n\nSecurity testing happening too late in the software development lifecycle was another one of the top frustrations identified by our survey respondents. Teams might be frustrated when they want to ship something and it gets delayed because a vulnerability is detected late - but in many cases it might not have been possible to detect that vulnerability any earlier. What is possible, however, is operationalizing easily deployable, reusable security components, limiting the variables and potential vulnerabilities.\n\nTeams can avoid late-stage surprises by embracing [tested and assured design patterns based on repeatable use cases](https://about.gitlab.com/the-source/platform/how-devops-and-platform-engineering-turbocharge-efficiency/): the “paved roads” approach. A paved road is a recommended path, including a curated set of tools, processes, and components, that teams can follow to build secure applications more efficiently - for example, using GitOps to version and deploy well-architected and tested Infrastructure as Code that deploys at scale for all workloads.\n\nAdopting paved roads potentially removes some flexibility, but ultimately reduces the operational burden and rework on engineering teams and increases security. This needs to be a collaborative effort between security and development. Security can help to design paved roads, but engineering has to be involved to operate and maintain them as part of the codebase.\n\n## Security is a domain, not a team{class=\"no-anchor\"}\n\nWe’re already seeing security as a practice shift into engineering teams, and we can expect the boundaries between the two to continue to blur. However, with the rapid adoption of AI and the corresponding acceleration of software development - 66% of our survey respondents said they are releasing software twice as fast or faster than last year - it will be critical for organizations to establish systems and frameworks that optimize for the greatest security benefit. That’s why the idea of a cultural disconnect between development and security isn’t the whole story. Fostering a culture of collaboration is essential, but security and engineering teams must also work together to rethink foundational aspects of software development, such as optimizing existing codebases and building scalable engineering-centric solutions that can be seamlessly adopted by technical teams across the organization.",[28,31,34,37,40],{"header":29,"content":30},"What is the “paved roads” approach to security, and why is it effective?","The [\"paved roads\" or \"golden path\" approach](https://about.gitlab.com/the-source/platform/driving-business-results-with-platform-engineering/) standardizes security best practices by providing pre-approved tools, design patterns, and infrastructure configurations that teams can follow. By using reusable, well-tested security components, organizations reduce late-stage security surprises, streamline development, and ensure applications are secure by default. This approach balances flexibility with security assurance.",{"header":32,"content":33},"How does toolchain complexity contribute to security risks?","A fragmented toolchain increases security risks by creating a larger attack surface, introducing redundant dependencies, and making security oversight more difficult. Many organizations are now consolidating their tech stacks to reduce complexity and improve security outcomes. A DevSecOps platform can help unify security, development, and operations, minimizing inefficiencies and reducing security blind spots.",{"header":35,"content":36},"Why is security shifting from a separate team to an engineering practice?","Security is increasingly being embedded within development teams to align with modern DevSecOps practices. As software releases accelerate, security must be built into the development process rather than treated as an afterthought. Organizations that integrate security into engineering workflows — through automation, AI-driven insights, and security-aware coding practices — achieve stronger, more scalable security outcomes.",{"header":38,"content":39},"How can organizations reduce security-related false positives?","False positives can be minimized by refining security testing tools, ensuring they provide actionable and high-confidence findings. AI-powered vulnerability analysis can help contextualize security issues and filter out irrelevant alerts. Additionally, consolidating security tools within a DevSecOps platform can improve accuracy by correlating security data across multiple sources.",{"header":41,"content":42},"Why do security teams struggle to get vulnerabilities prioritized?","Security teams often face challenges in getting vulnerabilities addressed because developers are overwhelmed by excessive security alerts, many of which are false positives. Without clear prioritization, teams waste time fixing non-exploitable issues instead of focusing on critical vulnerabilities. A more efficient approach involves using AI-powered security tools to surface high-fidelity signals and integrating security seamlessly into development workflows.","article","security-its-more-than-culture-addressing-the-root-cause-of-common-security","content:en-us:the-source:security:security-its-more-than-culture-addressing-the-root-cause-of-common-security:index.yml","yaml","content","en-us/the-source/security/security-its-more-than-culture-addressing-the-root-cause-of-common-security/index.yml","en-us/the-source/security/security-its-more-than-culture-addressing-the-root-cause-of-common-security/index","yml",{"_path":52,"_dir":53,"_draft":6,"_partial":6,"_locale":7,"data":54,"_id":353,"_type":46,"title":354,"_source":47,"_file":355,"_stem":356,"_extension":50},"/shared/en-us/main-footer","en-us",{"text":55,"source":56,"edit":62,"contribute":67,"config":72,"items":77,"minimal":345},"Git is a trademark of Software Freedom Conservancy and our use of 'GitLab' is under license",{"text":57,"config":58},"View page source",{"href":59,"dataGaName":60,"dataGaLocation":61},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/","page source","footer",{"text":63,"config":64},"Edit this page",{"href":65,"dataGaName":66,"dataGaLocation":61},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/content/","web ide",{"text":68,"config":69},"Please contribute",{"href":70,"dataGaName":71,"dataGaLocation":61},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/CONTRIBUTING.md/","please contribute",{"twitter":73,"facebook":74,"youtube":75,"linkedin":76},"https://twitter.com/gitlab","https://www.facebook.com/gitlab","https://www.youtube.com/channel/UCnMGQ8QHMAnVIsI3xJrihhg","https://www.linkedin.com/company/gitlab-com",[78,105,177,245,307],{"title":79,"links":80,"subMenu":86},"Platform",[81],{"text":82,"config":83},"DevSecOps platform",{"href":84,"dataGaName":85,"dataGaLocation":61},"/platform/","devsecops platform",[87],{"title":88,"links":89},"Pricing",[90,95,100],{"text":91,"config":92},"View plans",{"href":93,"dataGaName":94,"dataGaLocation":61},"/pricing/","view plans",{"text":96,"config":97},"Why Premium?",{"href":98,"dataGaName":99,"dataGaLocation":61},"/pricing/premium/","why premium",{"text":101,"config":102},"Why Ultimate?",{"href":103,"dataGaName":104,"dataGaLocation":61},"/pricing/ultimate/","why ultimate",{"title":106,"links":107},"Solutions",[108,113,117,122,127,132,137,142,147,152,157,162,167,172],{"text":109,"config":110},"Digital transformation",{"href":111,"dataGaName":112,"dataGaLocation":61},"/topics/digital-transformation/","digital transformation",{"text":114,"config":115},"Application Security Testing",{"href":116,"dataGaName":114,"dataGaLocation":61},"/solutions/application-security-testing/",{"text":118,"config":119},"Automated software delivery",{"href":120,"dataGaName":121,"dataGaLocation":61},"/solutions/delivery-automation/","automated software delivery",{"text":123,"config":124},"Agile development",{"href":125,"dataGaName":126,"dataGaLocation":61},"/solutions/agile-delivery/","agile delivery",{"text":128,"config":129},"Cloud transformation",{"href":130,"dataGaName":131,"dataGaLocation":61},"/topics/cloud-native/","cloud transformation",{"text":133,"config":134},"SCM",{"href":135,"dataGaName":136,"dataGaLocation":61},"/solutions/source-code-management/","source code management",{"text":138,"config":139},"CI/CD",{"href":140,"dataGaName":141,"dataGaLocation":61},"/solutions/continuous-integration/","continuous integration & delivery",{"text":143,"config":144},"Value stream management",{"href":145,"dataGaName":146,"dataGaLocation":61},"/solutions/value-stream-management/","value stream management",{"text":148,"config":149},"GitOps",{"href":150,"dataGaName":151,"dataGaLocation":61},"/solutions/gitops/","gitops",{"text":153,"config":154},"Enterprise",{"href":155,"dataGaName":156,"dataGaLocation":61},"/enterprise/","enterprise",{"text":158,"config":159},"Small business",{"href":160,"dataGaName":161,"dataGaLocation":61},"/small-business/","small business",{"text":163,"config":164},"Public sector",{"href":165,"dataGaName":166,"dataGaLocation":61},"/solutions/public-sector/","public sector",{"text":168,"config":169},"Education",{"href":170,"dataGaName":171,"dataGaLocation":61},"/solutions/education/","education",{"text":173,"config":174},"Financial services",{"href":175,"dataGaName":176,"dataGaLocation":61},"/solutions/finance/","financial services",{"title":178,"links":179},"Resources",[180,185,190,195,200,205,210,215,220,225,230,235,240],{"text":181,"config":182},"Install",{"href":183,"dataGaName":184,"dataGaLocation":61},"/install/","install",{"text":186,"config":187},"Quick start guides",{"href":188,"dataGaName":189,"dataGaLocation":61},"/get-started/","quick setup checklists",{"text":191,"config":192},"Learn",{"href":193,"dataGaName":194,"dataGaLocation":61},"https://university.gitlab.com/","learn",{"text":196,"config":197},"Product documentation",{"href":198,"dataGaName":199,"dataGaLocation":61},"https://docs.gitlab.com/","docs",{"text":201,"config":202},"Blog",{"href":203,"dataGaName":204,"dataGaLocation":61},"/blog/","blog",{"text":206,"config":207},"Customer success stories",{"href":208,"dataGaName":209,"dataGaLocation":61},"/customers/","customer success stories",{"text":211,"config":212},"Remote",{"href":213,"dataGaName":214,"dataGaLocation":61},"https://handbook.gitlab.com/handbook/company/culture/all-remote/","remote",{"text":216,"config":217},"GitLab Services",{"href":218,"dataGaName":219,"dataGaLocation":61},"/services/","services",{"text":221,"config":222},"TeamOps",{"href":223,"dataGaName":224,"dataGaLocation":61},"/teamops/","teamops",{"text":226,"config":227},"Community",{"href":228,"dataGaName":229,"dataGaLocation":61},"/community/","community",{"text":231,"config":232},"Forum",{"href":233,"dataGaName":234,"dataGaLocation":61},"https://forum.gitlab.com/","forum",{"text":236,"config":237},"Events",{"href":238,"dataGaName":239,"dataGaLocation":61},"/events/","events",{"text":241,"config":242},"Partners",{"href":243,"dataGaName":244,"dataGaLocation":61},"/partners/","partners",{"title":246,"links":247},"Company",[248,253,258,263,268,273,278,282,287,292,297,302],{"text":249,"config":250},"About",{"href":251,"dataGaName":252,"dataGaLocation":61},"/company/","company",{"text":254,"config":255},"Jobs",{"href":256,"dataGaName":257,"dataGaLocation":61},"/jobs/","jobs",{"text":259,"config":260},"Leadership",{"href":261,"dataGaName":262,"dataGaLocation":61},"/company/team/e-group/","leadership",{"text":264,"config":265},"Team",{"href":266,"dataGaName":267,"dataGaLocation":61},"/company/team/","team",{"text":269,"config":270},"Handbook",{"href":271,"dataGaName":272,"dataGaLocation":61},"https://handbook.gitlab.com/","handbook",{"text":274,"config":275},"Investor relations",{"href":276,"dataGaName":277,"dataGaLocation":61},"https://ir.gitlab.com/","investor relations",{"text":279,"config":280},"Sustainability",{"href":281,"dataGaName":279,"dataGaLocation":61},"/sustainability/",{"text":283,"config":284},"Diversity, inclusion and belonging (DIB)",{"href":285,"dataGaName":286,"dataGaLocation":61},"/diversity-inclusion-belonging/","Diversity, inclusion and belonging",{"text":288,"config":289},"Trust Center",{"href":290,"dataGaName":291,"dataGaLocation":61},"/security/","trust center",{"text":293,"config":294},"Newsletter",{"href":295,"dataGaName":296,"dataGaLocation":61},"/company/contact/","newsletter",{"text":298,"config":299},"Press",{"href":300,"dataGaName":301,"dataGaLocation":61},"/press/","press",{"text":303,"config":304},"Modern Slavery Transparency Statement",{"href":305,"dataGaName":306,"dataGaLocation":61},"https://handbook.gitlab.com/handbook/legal/modern-slavery-act-transparency-statement/","modern slavery transparency statement",{"title":308,"links":309},"Contact Us",[310,315,320,325,330,335,340],{"text":311,"config":312},"Contact an expert",{"href":313,"dataGaName":314,"dataGaLocation":61},"/sales/","sales",{"text":316,"config":317},"Get help",{"href":318,"dataGaName":319,"dataGaLocation":61},"/support/","get help",{"text":321,"config":322},"Customer portal",{"href":323,"dataGaName":324,"dataGaLocation":61},"https://customers.gitlab.com/customers/sign_in/","customer portal",{"text":326,"config":327},"Status",{"href":328,"dataGaName":329,"dataGaLocation":61},"https://status.gitlab.com/","status",{"text":331,"config":332},"Terms of use",{"href":333,"dataGaName":334,"dataGaLocation":61},"/terms/","terms of use",{"text":336,"config":337},"Privacy statement",{"href":338,"dataGaName":339,"dataGaLocation":61},"/privacy/","privacy statement",{"text":341,"config":342},"Cookie preferences",{"dataGaName":343,"dataGaLocation":61,"id":344,"isOneTrustButton":13},"cookie preferences","ot-sdk-btn",{"items":346},[347,349,351],{"text":331,"config":348},{"href":333,"dataGaName":334,"dataGaLocation":61},{"text":336,"config":350},{"href":338,"dataGaName":339,"dataGaLocation":61},{"text":341,"config":352},{"dataGaName":343,"dataGaLocation":61,"id":344,"isOneTrustButton":13},"content:shared:en-us:main-footer.yml","Main Footer","shared/en-us/main-footer.yml","shared/en-us/main-footer",{"_path":358,"_dir":359,"_draft":6,"_partial":6,"_locale":7,"visibility":13,"id":360,"title":361,"button":362,"_id":366,"_type":46,"_source":47,"_file":367,"_stem":368,"_extension":50},"/shared/en-us/the-source/banner/the-economics-of-software-innovation-2025-08-18","banner","The Economics of Software Innovation","The Economics of Software Innovation—AI’s $750 Billion Opportunity",{"config":363,"text":365},{"href":364},"https://about.gitlab.com/software-innovation-report/","Get the research report","content:shared:en-us:the-source:banner:the-economics-of-software-innovation-2025-08-18.yml","shared/en-us/the-source/banner/the-economics-of-software-innovation-2025-08-18.yml","shared/en-us/the-source/banner/the-economics-of-software-innovation-2025-08-18",{"_path":370,"_dir":9,"_draft":6,"_partial":6,"_locale":7,"logo":371,"subscribeLink":376,"navItems":380,"_id":393,"_type":46,"title":394,"_source":47,"_file":395,"_stem":396,"_extension":50},"/shared/en-us/the-source/navigation",{"altText":372,"config":373},"the source logo",{"src":374,"href":375},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1750191004/t7wz1klfb2kxkezksv9t.svg","/the-source/",{"text":377,"config":378},"Subscribe",{"href":379},"#subscribe",[381,385,389],{"text":382,"config":383},"Artificial Intelligence",{"href":384},"/the-source/ai/",{"text":386,"config":387},"Security & Compliance",{"href":388},"/the-source/security/",{"text":390,"config":391},"Platform & Infrastructure",{"href":392},"/the-source/platform/","content:shared:en-us:the-source:navigation.yml","Navigation","shared/en-us/the-source/navigation.yml","shared/en-us/the-source/navigation",{"_path":398,"_dir":9,"_draft":6,"_partial":6,"_locale":7,"title":399,"description":400,"submitMessage":401,"formData":402,"_id":405,"_type":46,"_source":47,"_file":406,"_stem":407,"_extension":50},"/shared/en-us/the-source/newsletter","The Source Newsletter","Stay updated with insights for the future of software development.","You have successfully signed up for The Source’s newsletter.",{"config":403},{"formId":404,"formName":296,"hideRequiredLabel":13},1077,"content:shared:en-us:the-source:newsletter.yml","shared/en-us/the-source/newsletter.yml","shared/en-us/the-source/newsletter",{"categoryNames":409},{"ai":382,"platform":390,"security":386},{"_path":411,"_dir":9,"_draft":6,"_partial":6,"_locale":7,"type":412,"config":413,"seo":414,"content":417,"slug":5,"_id":430,"_type":46,"title":7,"_source":47,"_file":431,"_stem":432,"_extension":50},"/en-us/the-source/security","category",{"layout":9},{"title":386,"description":415,"ogImage":416},"Get up to speed on how organizations can ensure they're staying on top of evolving security threats and compliance requirements.","https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463273/aplkxrvwpii26xao5yhi.png",[418,423],{"componentName":419,"type":419,"componentContent":420},"TheSourceCategoryHero",{"title":386,"description":415,"image":421},{"config":422},{"src":416},{"componentName":424,"type":424,"componentContent":425},"TheSourceCategoryMainSection",{"config":426},{"gatedAssets":427},[428,429,14],"source-lp-guide-to-dynamic-sboms","source-lp-devsecops-the-key-to-modern-security-resilience","content:en-us:the-source:security:index.yml","en-us/the-source/security/index.yml","en-us/the-source/security/index",{"_path":434,"_dir":435,"_draft":6,"_partial":6,"_locale":7,"config":436,"title":438,"description":439,"link":440,"_id":446,"_type":46,"_source":47,"_file":447,"_stem":448,"_extension":50},"/shared/en-us/the-source/gated-assets/application-security-in-the-digital-age","gated-assets",{"id":14,"formId":437},1002,"Application security in the digital age","Read our survey findings from more than 5,000 DevSecOps professionals worldwide for insights on how organizations are grappling with increasing attack surfaces and changing attitudes towards security and AI.",{"text":441,"config":442},"Read the report",{"href":443,"dataGaName":444,"dataGaLocation":445},"https://about.gitlab.com/developer-survey/2024/security-compliance","Application Security in the Digital Age","thesource","content:shared:en-us:the-source:gated-assets:application-security-in-the-digital-age.yml","shared/en-us/the-source/gated-assets/application-security-in-the-digital-age.yml","shared/en-us/the-source/gated-assets/application-security-in-the-digital-age",{"_path":411,"_dir":9,"_draft":6,"_partial":6,"_locale":7,"type":412,"config":450,"seo":451,"content":452,"slug":5,"_id":430,"_type":46,"title":7,"_source":47,"_file":431,"_stem":432,"_extension":50},{"layout":9},{"title":386,"description":415,"ogImage":416},[453,457],{"componentName":419,"type":419,"componentContent":454},{"title":386,"description":415,"image":455},{"config":456},{"src":416},{"componentName":424,"type":424,"componentContent":458},{"config":459},{"gatedAssets":460},[428,429,14],[462,466,479],{"_path":434,"_dir":435,"_draft":6,"_partial":6,"_locale":7,"config":463,"title":438,"description":439,"link":464,"_id":446,"_type":46,"_source":47,"_file":447,"_stem":448,"_extension":50},{"id":14,"formId":437},{"text":441,"config":465},{"href":443,"dataGaName":444,"dataGaLocation":445},{"_path":467,"_dir":435,"_draft":6,"_partial":6,"_locale":7,"config":468,"title":469,"description":470,"link":471,"_id":476,"_type":46,"_source":47,"_file":477,"_stem":478,"_extension":50},"/shared/en-us/the-source/gated-assets/source-lp-devsecops-the-key-to-modern-security-resilience",{"id":429},"DevSecOps: The key to modern security resilience","Learn how embedding security in development can slash incident response time by 720x and save millions in security costs annually.",{"text":472,"config":473},"Download the guide",{"href":474,"dataGaName":475,"dataGaLocation":445},"https://about.gitlab.com/the-source/security/devsecops-the-key-to-modern-security-resilience/","DevSecOps the key to modern security resilience","content:shared:en-us:the-source:gated-assets:source-lp-devsecops-the-key-to-modern-security-resilience.yml","shared/en-us/the-source/gated-assets/source-lp-devsecops-the-key-to-modern-security-resilience.yml","shared/en-us/the-source/gated-assets/source-lp-devsecops-the-key-to-modern-security-resilience",{"_path":480,"_dir":435,"_draft":6,"_partial":6,"_locale":7,"config":481,"title":482,"description":483,"link":484,"_id":489,"_type":46,"_source":47,"_file":490,"_stem":491,"_extension":50},"/shared/en-us/the-source/gated-assets/source-lp-guide-to-dynamic-sboms",{"id":428},"Guide to dynamic SBOMs: An integral element of modern software development","Learn how to gain visibility into previously unidentified organizational risks with a software bill of materials (SBOM).",{"text":485,"config":486},"Read the guide",{"href":487,"dataGaName":488,"dataGaLocation":445},"https://about.gitlab.com/the-source/security/guide-to-dynamic-sboms/","Guide to Dynamic SBOMs","content:shared:en-us:the-source:gated-assets:source-lp-guide-to-dynamic-sboms.yml","shared/en-us/the-source/gated-assets/source-lp-guide-to-dynamic-sboms.yml","shared/en-us/the-source/gated-assets/source-lp-guide-to-dynamic-sboms",[493,518,534,552,568,588,609,631,647,666,688,706,727,743,762,779,797,817,835,854,875,895,911,927,947,965,986,1004,1023,1039,1060],{"_path":494,"_dir":495,"_draft":6,"_partial":6,"_locale":7,"config":496,"seo":497,"content":499,"type":513,"slug":514,"_id":515,"_type":46,"title":498,"_source":47,"_file":516,"_stem":517,"_extension":50},"/en-us/the-source/authors/amanda-rueda","authors",{"layout":9},{"title":498},"Amanda Rueda",[500,511],{"type":501,"componentName":501,"componentContent":502},"TheSourceAuthorHero",{"config":503,"name":498,"role":506,"bio":507,"headshot":508},{"gitlabHandle":504,"linkedInProfileUrl":505},"amandarueda","https://www.linkedin.com/in/amandamrueda/","Senior Product Manager","Amanda Rueda is a Senior Product Manager at GitLab, specializing in strategic product vision, agile planning, and leveraging AI to enhance workflows and user experiences. Amanda is a thought leader in agile planning and product management workflows, and enjoys building GitLab features that drive team collaboration, transparent project management, and high-performing teams.",{"altText":498,"config":509},{"src":510},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463383/osecw1pzbxvb7fhqhiky.png",{"componentName":512,"type":512},"TheSourceArticlesList","author","amanda-rueda","content:en-us:the-source:authors:amanda-rueda.yml","en-us/the-source/authors/amanda-rueda.yml","en-us/the-source/authors/amanda-rueda",{"_path":519,"_dir":495,"_draft":6,"_partial":6,"_locale":7,"config":520,"seo":521,"content":523,"type":513,"slug":530,"_id":531,"_type":46,"title":522,"_source":47,"_file":532,"_stem":533,"_extension":50},"/en-us/the-source/authors/andre-michael-braun",{"layout":9},{"title":522},"Andre Michael Braun",[524,529],{"type":501,"componentName":501,"componentContent":525},{"name":522,"headshot":526},{"altText":522,"config":527},{"src":528},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463336/yl27k7wdlnkzsizwknn1.jpg",{"componentName":512,"type":512},"andre-michael-braun","content:en-us:the-source:authors:andre-michael-braun.yml","en-us/the-source/authors/andre-michael-braun.yml","en-us/the-source/authors/andre-michael-braun",{"_path":535,"_dir":495,"_draft":6,"_partial":6,"_locale":7,"config":536,"seo":537,"content":539,"type":513,"slug":548,"_id":549,"_type":46,"title":538,"_source":47,"_file":550,"_stem":551,"_extension":50},"/en-us/the-source/authors/andrew-haschka",{"layout":9},{"title":538},"Andrew Haschka",[540,547],{"type":501,"componentName":501,"componentContent":541},{"name":538,"role":542,"bio":543,"headshot":544},"Field CTO, Asia Pacific & Japan","Andrew Haschka is the CTO for Asia Pacific & Japan at GitLab, acting as the trusted advisor to GitLab partners and customers. Andrew takes a consultative approach to address common and unique business requirements. He provides subject matter expertise and industry experience throughout the customer’s modernisation journey, working with product management and engineering teams to evolve product features to meet market demand.",{"altText":538,"config":545},{"src":546},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463349/z1qnc4uxmqgg3hnm3da4.png",{"componentName":512,"type":512},"andrew-haschka","content:en-us:the-source:authors:andrew-haschka.yml","en-us/the-source/authors/andrew-haschka.yml","en-us/the-source/authors/andrew-haschka",{"_path":553,"_dir":495,"_draft":6,"_partial":6,"_locale":7,"config":554,"seo":555,"content":557,"type":513,"slug":564,"_id":565,"_type":46,"title":556,"_source":47,"_file":566,"_stem":567,"_extension":50},"/en-us/the-source/authors/ayoub-fandi",{"layout":9},{"title":556},"Ayoub Fandi",[558,563],{"componentName":501,"type":501,"componentContent":559},{"name":556,"headshot":560},{"altText":556,"config":561},{"src":562},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463329/wyp554loeyoibx3ozren.jpg",{"componentName":512,"type":512},"ayoub-fandi","content:en-us:the-source:authors:ayoub-fandi.yml","en-us/the-source/authors/ayoub-fandi.yml","en-us/the-source/authors/ayoub-fandi",{"_path":569,"_dir":495,"_draft":6,"_partial":6,"_locale":7,"config":570,"seo":571,"content":573,"type":513,"slug":584,"_id":585,"_type":46,"title":572,"_source":47,"_file":586,"_stem":587,"_extension":50},"/en-us/the-source/authors/bob-stevens",{"layout":9},{"title":572},"Bob Stevens",[574,583],{"componentName":501,"type":501,"componentContent":575},{"config":576,"name":572,"role":579,"headshot":580},{"gitlabHandle":577,"linkedInProfileUrl":578},"bstevens1","https://www.linkedin.com/in/bob-stevens-1237564/","Public Sector Area Vice President, GitLab",{"altText":572,"config":581},{"src":582},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1752687939/mv3lhtimdzr8jmfqmbk1.jpg",{"componentName":512,"type":512},"bob-stevens","content:en-us:the-source:authors:bob-stevens.yml","en-us/the-source/authors/bob-stevens.yml","en-us/the-source/authors/bob-stevens",{"_path":589,"_dir":495,"_draft":6,"_partial":6,"_locale":7,"config":590,"seo":591,"content":593,"type":513,"slug":605,"_id":606,"_type":46,"title":592,"_source":47,"_file":607,"_stem":608,"_extension":50},"/en-us/the-source/authors/brian-wald",{"layout":9},{"title":592},"Brian Wald",[594,604],{"componentName":501,"type":501,"componentContent":595},{"config":596,"name":592,"role":599,"bio":600,"headshot":601},{"gitlabHandle":597,"linkedInProfileUrl":598},"brianwald","https://www.linkedin.com/in/brianwald/","Head of Global Field CTO org","Brian Wald is Head of Global Field CTO org at GitLab. He leads a dynamic team of Field CTOs dedicated to transforming enterprise software development practices.",{"altText":592,"config":602},{"src":603},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463417/fugpbux9miqbdx3wewtu.jpg",{"componentName":512,"type":512},"brian-wald","content:en-us:the-source:authors:brian-wald.yml","en-us/the-source/authors/brian-wald.yml","en-us/the-source/authors/brian-wald",{"_path":610,"_dir":495,"_draft":6,"_partial":6,"_locale":7,"config":611,"seo":612,"content":614,"type":513,"slug":627,"_id":628,"_type":46,"title":613,"_source":47,"_file":629,"_stem":630,"_extension":50},"/en-us/the-source/authors/bryan-ross",{"layout":9},{"title":613},"Bryan Ross",[615,626],{"componentName":501,"type":501,"componentContent":616},{"config":617,"name":613,"role":621,"bio":622,"headshot":623},{"gitlabHandle":618,"twitterXProfileUrl":619,"linkedInProfileUrl":620},"bryanrossuk","https://twitter.com/bryanrossuk","https://www.linkedin.com/in/bryanross","Field CTO","With over 15 years of industry experience as a senior IT leader, Bryan helps customers realize business value from IT faster. Equally comfortable speaking with executives and engineers alike, he bridges the gap between technical and business stakeholders through compelling storytelling and real-world examples. With a knack for delivering authentic, impactful messages, he enjoys helping others at the intersection of technology, people and process.",{"altText":613,"config":624},{"src":625},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463324/mvdyvskii4hltdrgqxom.jpg",{"componentName":512,"type":512},"bryan-ross","content:en-us:the-source:authors:bryan-ross.yml","en-us/the-source/authors/bryan-ross.yml","en-us/the-source/authors/bryan-ross",{"_path":632,"_dir":495,"_draft":6,"_partial":6,"_locale":7,"config":633,"seo":634,"content":636,"type":513,"slug":643,"_id":644,"_type":46,"title":635,"_source":47,"_file":645,"_stem":646,"_extension":50},"/en-us/the-source/authors/chandler-gibbons",{"layout":9},{"title":635},"Chandler Gibbons",[637,642],{"componentName":501,"type":501,"componentContent":638},{"name":635,"headshot":639},{"altText":635,"config":640},{"src":641},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463362/o7g9fqtqtjvegfwniuxh.jpg",{"componentName":512,"type":512},"chandler-gibbons","content:en-us:the-source:authors:chandler-gibbons.yml","en-us/the-source/authors/chandler-gibbons.yml","en-us/the-source/authors/chandler-gibbons",{"_path":648,"_dir":495,"_draft":6,"_partial":6,"_locale":7,"config":649,"seo":650,"content":652,"type":513,"slug":662,"_id":663,"_type":46,"title":651,"_source":47,"_file":664,"_stem":665,"_extension":50},"/en-us/the-source/authors/dave-steer",{"layout":9},{"title":651},"Dave Steer",[653,661],{"componentName":501,"type":501,"componentContent":654},{"config":655,"name":651,"role":657,"headshot":658},{"gitlabHandle":656},"dsteer","Vice President, Product Marketing",{"altText":651,"config":659},{"src":660},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463457/zbtapdkglu3yb9suaq7w.png",{"componentName":512,"type":512},"dave-steer","content:en-us:the-source:authors:dave-steer.yml","en-us/the-source/authors/dave-steer.yml","en-us/the-source/authors/dave-steer",{"_path":667,"_dir":495,"_draft":6,"_partial":6,"_locale":7,"config":668,"seo":669,"content":671,"type":513,"slug":683,"_id":684,"_type":46,"title":685,"_source":47,"_file":686,"_stem":687,"_extension":50},"/en-us/the-source/authors/ddesanto",{"layout":9},{"title":670},"David DeSanto",[672,682],{"componentName":501,"type":501,"componentContent":673},{"config":674,"name":670,"role":677,"bio":678,"headshot":679},{"gitlabHandle":675,"linkedInProfileUrl":676},"david","https://www.linkedin.com/in/ddesanto/","Chief Product Officer","David DeSanto is the Chief Product Officer at GitLab Inc., where he leads GitLab’s product division to define and execute GitLab's product vision and roadmap. David is responsible for ensuring the company builds, ships, and supports the platform that reinforces GitLab's leadership in the DevSecOps platform market.",{"altText":670,"config":680},{"src":681},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463446/bgnljs84zcsxj0t6nvix.png",{"componentName":512,"type":512},"ddesanto","content:en-us:the-source:authors:ddesanto.yml","Ddesanto","en-us/the-source/authors/ddesanto.yml","en-us/the-source/authors/ddesanto",{"_path":689,"_dir":495,"_draft":6,"_partial":6,"_locale":7,"config":690,"seo":691,"content":693,"type":513,"slug":701,"_id":702,"_type":46,"title":703,"_source":47,"_file":704,"_stem":705,"_extension":50},"/en-us/the-source/authors/derek-debellis",{"layout":9},{"title":692},"Derek DeBellis",[694,700],{"componentName":501,"type":501,"componentContent":695},{"name":692,"role":696,"headshot":697},"Lead Researcher, Google's DORA team ",{"altText":692,"config":698},{"src":699},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463385/sbnjwfaguszi5g2smzr7.png",{"componentName":512,"type":512},"derek-debellis","content:en-us:the-source:authors:derek-debellis.yml","Derek Debellis","en-us/the-source/authors/derek-debellis.yml","en-us/the-source/authors/derek-debellis",{"_path":707,"_dir":495,"_draft":6,"_partial":6,"_locale":7,"config":708,"seo":709,"content":711,"type":513,"slug":723,"_id":724,"_type":46,"title":710,"_source":47,"_file":725,"_stem":726,"_extension":50},"/en-us/the-source/authors/emilio-salvador",{"layout":9},{"title":710},"Emilio Salvador",[712,722],{"componentName":501,"type":501,"componentContent":713},{"config":714,"name":710,"role":717,"bio":718,"headshot":719},{"gitlabHandle":715,"linkedInProfileUrl":716},"esalvadorp","https://www.linkedin.com/in/emiliosp/","Vice President, Strategy and Developer Relations","Emilio Salvador is vice president of strategy and developer relations at GitLab. A technology executive with more than 20 years of experience, Emilio has held roles at Amazon and Microsoft, and most recently led strategy and operations for the Developer Advocacy and Experience team at Google. He holds an MBA from MIT Sloan School of Management.",{"altText":710,"config":720},{"src":721},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463402/g0snp3uisjm4tj3pkqcw.jpg",{"componentName":512,"type":512},"emilio-salvador","content:en-us:the-source:authors:emilio-salvador.yml","en-us/the-source/authors/emilio-salvador.yml","en-us/the-source/authors/emilio-salvador",{"_path":728,"_dir":495,"_draft":6,"_partial":6,"_locale":7,"config":729,"seo":730,"content":732,"type":513,"slug":739,"_id":740,"_type":46,"title":731,"_source":47,"_file":741,"_stem":742,"_extension":50},"/en-us/the-source/authors/erika-feldman",{"layout":9},{"title":731},"Erika Feldman",[733,738],{"componentName":501,"type":501,"componentContent":734},{"name":731,"headshot":735},{"altText":731,"config":736},{"src":737},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463354/d9quqvz7d2ayjwif7vdn.png",{"componentName":512,"type":512},"erika-feldman","content:en-us:the-source:authors:erika-feldman.yml","en-us/the-source/authors/erika-feldman.yml","en-us/the-source/authors/erika-feldman",{"_path":744,"_dir":495,"_draft":6,"_partial":6,"_locale":7,"config":745,"seo":746,"content":748,"type":513,"slug":758,"_id":759,"_type":46,"title":747,"_source":47,"_file":760,"_stem":761,"_extension":50},"/en-us/the-source/authors/george-kichukov",{"layout":9},{"title":747},"George Kichukov",[749,757],{"componentName":501,"type":501,"componentContent":750},{"config":751,"name":747,"role":621,"bio":753,"headshot":754},{"gitlabHandle":752},"gkichukov","George Kichukov brings over two decades of expertise in software development, enterprise architecture, and technology leadership to his role as Financial Services Field CTO for GitLab. His career began in the startup ecosystem, where he spent five years developing name-matching technologies deployed across government, defense, and financial services. George transitioned into solution architecture, where he guided financial institutions in modernizing their application development practices. Prior to GitLab, George spent 12 years at a large financial services organization leading developer services, application security programs and DevOps infrastructure automation platforms. In his current role at GitLab, George partners with financial services organizations, helping them achieve their strategic objectives in DevOps, DevSecOps, Developer Experience, SDLC compliance, and using AI across software development.",{"altText":747,"config":755},{"src":756},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463366/dk2knfancgsxocjkmyoa.jpg",{"componentName":512,"type":512},"george-kichukov","content:en-us:the-source:authors:george-kichukov.yml","en-us/the-source/authors/george-kichukov.yml","en-us/the-source/authors/george-kichukov",{"_path":763,"_dir":495,"_draft":6,"_partial":6,"_locale":7,"config":764,"seo":765,"content":767,"type":513,"slug":774,"_id":775,"_type":46,"title":776,"_source":47,"_file":777,"_stem":778,"_extension":50},"/en-us/the-source/authors/gitlab",{"layout":9},{"title":766},"GitLab",[768,773],{"componentName":501,"type":501,"componentContent":769},{"name":766,"headshot":770},{"altText":766,"config":771},{"src":772},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463461/ts7io0hgpdyqylbzfire.png",{"componentName":512,"type":512},"gitlab","content:en-us:the-source:authors:gitlab.yml","Gitlab","en-us/the-source/authors/gitlab.yml","en-us/the-source/authors/gitlab",{"_path":780,"_dir":495,"_draft":6,"_partial":6,"_locale":7,"config":781,"seo":782,"content":784,"type":513,"slug":793,"_id":794,"_type":46,"title":783,"_source":47,"_file":795,"_stem":796,"_extension":50},"/en-us/the-source/authors/grant-hickman",{"layout":9},{"title":783},"Grant Hickman",[785,792],{"componentName":501,"type":501,"componentContent":786},{"config":787,"name":783,"headshot":789},{"gitlabHandle":788},"g.hickman",{"altText":783,"config":790},{"src":791},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463463/f3uqwtugqotyhwutz5gu.png",{"componentName":512,"type":512},"grant-hickman","content:en-us:the-source:authors:grant-hickman.yml","en-us/the-source/authors/grant-hickman.yml","en-us/the-source/authors/grant-hickman",{"_path":798,"_dir":495,"_draft":6,"_partial":6,"_locale":7,"config":799,"seo":800,"content":802,"type":513,"slug":813,"_id":814,"_type":46,"title":801,"_source":47,"_file":815,"_stem":816,"_extension":50},"/en-us/the-source/authors/haim-snir",{"layout":9},{"title":801},"Haim Snir",[803,812],{"componentName":501,"type":501,"componentContent":804},{"config":805,"name":801,"role":808,"headshot":809},{"gitlabHandle":806,"linkedInProfileUrl":807},"hsnir1","https://www.linkedin.com/in/haimsnir/","Senior Product Manager, Dev & Analytics, GitLab",{"altText":801,"config":810},{"src":811},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463395/nubmshvaq8wpomopllni.png",{"componentName":512,"type":512},"haim-snir","content:en-us:the-source:authors:haim-snir.yml","en-us/the-source/authors/haim-snir.yml","en-us/the-source/authors/haim-snir",{"_path":818,"_dir":495,"_draft":6,"_partial":6,"_locale":7,"config":819,"seo":820,"content":822,"type":513,"slug":826,"_id":831,"_type":46,"title":832,"_source":47,"_file":833,"_stem":834,"_extension":50},"/en-us/the-source/authors/iganbaruch",{"layout":9},{"title":821},"Itzik Gan Baruch",[823,830],{"componentName":501,"type":501,"componentContent":824},{"config":825,"name":821,"headshot":827},{"gitlabHandle":826},"iganbaruch",{"altText":821,"config":828},{"src":829},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463443/vibb2fkc0ojni2d1eqde.png",{"componentName":512,"type":512},"content:en-us:the-source:authors:iganbaruch.yml","Iganbaruch","en-us/the-source/authors/iganbaruch.yml","en-us/the-source/authors/iganbaruch",{"_path":836,"_dir":495,"_draft":6,"_partial":6,"_locale":7,"config":837,"seo":838,"content":840,"type":513,"slug":849,"_id":850,"_type":46,"title":851,"_source":47,"_file":852,"_stem":853,"_extension":50},"/en-us/the-source/authors/jlongo",{"layout":9},{"title":839},"Joseph Longo",[841,848],{"componentName":501,"type":501,"componentContent":842},{"config":843,"name":839,"headshot":845},{"gitlabHandle":844},"jlongo_gitlab",{"altText":839,"config":846},{"src":847},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463434/uoxaknpmoposbbgzqji8.png",{"componentName":512,"type":512},"jlongo","content:en-us:the-source:authors:jlongo.yml","Jlongo","en-us/the-source/authors/jlongo.yml","en-us/the-source/authors/jlongo",{"_path":855,"_dir":495,"_draft":6,"_partial":6,"_locale":7,"config":856,"seo":857,"content":859,"type":513,"slug":871,"_id":872,"_type":46,"title":858,"_source":47,"_file":873,"_stem":874,"_extension":50},"/en-us/the-source/authors/joel-krooswyk",{"layout":9},{"title":858},"Joel Krooswyk",[860,870],{"componentName":501,"type":501,"componentContent":861},{"config":862,"name":858,"role":865,"bio":866,"headshot":867},{"gitlabHandle":863,"linkedInProfileUrl":864},"jkrooswyk","https://www.linkedin.com/in/joelrkrooswyk/","Federal CTO","Joel Krooswyk is the Federal CTO at GitLab. Joel has actively been involved in GitLab’s growth since 2017. His 25 years of leadership experience span not only the U.S. Public Sector, but also small, mid-market, and enterprise businesses globally. Joel combines deep government policy expertise with a wealth of experience in technology, software development, AI, and cybersecurity. He is frequently called upon by industry and agencies alike for policy commentary and response.",{"altText":858,"config":868},{"src":869},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463423/mkmdhuxsjggfvokdmdv7.jpg",{"componentName":512,"type":512},"joel-krooswyk","content:en-us:the-source:authors:joel-krooswyk.yml","en-us/the-source/authors/joel-krooswyk.yml","en-us/the-source/authors/joel-krooswyk",{"_path":876,"_dir":495,"_draft":6,"_partial":6,"_locale":7,"config":877,"seo":878,"content":880,"type":513,"slug":12,"_id":892,"_type":46,"title":879,"_source":47,"_file":893,"_stem":894,"_extension":50},"/en-us/the-source/authors/josh-lemos",{"layout":9},{"title":879},"Josh Lemos",[881,891],{"componentName":501,"type":501,"componentContent":882},{"config":883,"name":879,"role":886,"bio":887,"headshot":888},{"gitlabHandle":884,"linkedInProfileUrl":885},"joshlemos","https://www.linkedin.com/in/joshlemos/","Chief Information Security Officer","Josh Lemos is the Chief Information Security Officer at GitLab Inc., where he brings 20 years of experience leading information security teams to his role. He is responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected, fortifying the Gitlab DevSecOps platform and ensuring the highest level of security for customers.",{"altText":879,"config":889},{"src":890},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463405/f4rqtiecakrekvxfhqar.jpg",{"componentName":512,"type":512},"content:en-us:the-source:authors:josh-lemos.yml","en-us/the-source/authors/josh-lemos.yml","en-us/the-source/authors/josh-lemos",{"_path":896,"_dir":495,"_draft":6,"_partial":6,"_locale":7,"config":897,"seo":898,"content":900,"type":513,"slug":907,"_id":908,"_type":46,"title":899,"_source":47,"_file":909,"_stem":910,"_extension":50},"/en-us/the-source/authors/julie-griffin",{"layout":9},{"title":899},"Julie Griffin",[901,906],{"componentName":501,"type":501,"componentContent":902},{"name":899,"headshot":903},{"altText":899,"config":904},{"src":905},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463371/hqkbr3uk8hw2de7tltn4.webp",{"componentName":512,"type":512},"julie-griffin","content:en-us:the-source:authors:julie-griffin.yml","en-us/the-source/authors/julie-griffin.yml","en-us/the-source/authors/julie-griffin",{"_path":912,"_dir":495,"_draft":6,"_partial":6,"_locale":7,"config":913,"seo":914,"content":916,"type":513,"slug":923,"_id":924,"_type":46,"title":915,"_source":47,"_file":925,"_stem":926,"_extension":50},"/en-us/the-source/authors/kristina-weis",{"layout":9},{"title":915},"Kristina Weis",[917,922],{"componentName":501,"type":501,"componentContent":918},{"name":915,"headshot":919},{"altText":915,"config":920},{"src":921},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463469/eoolq6n6bs0zb8gmf0js.webp",{"componentName":512,"type":512},"kristina-weis","content:en-us:the-source:authors:kristina-weis.yml","en-us/the-source/authors/kristina-weis.yml","en-us/the-source/authors/kristina-weis",{"_path":928,"_dir":495,"_draft":6,"_partial":6,"_locale":7,"config":929,"seo":930,"content":932,"type":513,"slug":943,"_id":944,"_type":46,"title":931,"_source":47,"_file":945,"_stem":946,"_extension":50},"/en-us/the-source/authors/lee-faus",{"layout":9},{"title":931},"Lee Faus",[933,942],{"componentName":501,"type":501,"componentContent":934},{"config":935,"name":931,"role":937,"bio":938,"headshot":939},{"gitlabHandle":936},"lfaus","Global Field CTO","Lee Faus is a Global Field CTO at GitLab. Lee has been a software architect, teacher, professor, and educator for over 25 years. He leverages his experience as an educator to bring complex technology concepts into a business forum where executives gain valuable advice to positively impact their business.",{"altText":931,"config":940},{"src":941},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463398/vivhlomglvnstamj54bo.jpg",{"componentName":512,"type":512},"lee-faus","content:en-us:the-source:authors:lee-faus.yml","en-us/the-source/authors/lee-faus.yml","en-us/the-source/authors/lee-faus",{"_path":948,"_dir":495,"_draft":6,"_partial":6,"_locale":7,"config":949,"seo":950,"content":952,"type":513,"slug":956,"_id":961,"_type":46,"title":962,"_source":47,"_file":963,"_stem":964,"_extension":50},"/en-us/the-source/authors/ncregan",{"layout":9},{"title":951},"Niall Cregan",[953,960],{"componentName":501,"type":501,"componentContent":954},{"config":955,"name":951,"headshot":957},{"gitlabHandle":956},"ncregan",{"altText":951,"config":958},{"src":959},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463431/yrtwodocb4cu3j7lkhyo.png",{"componentName":512,"type":512},"content:en-us:the-source:authors:ncregan.yml","Ncregan","en-us/the-source/authors/ncregan.yml","en-us/the-source/authors/ncregan",{"_path":966,"_dir":495,"_draft":6,"_partial":6,"_locale":7,"config":967,"seo":968,"content":970,"type":513,"slug":981,"_id":982,"_type":46,"title":983,"_source":47,"_file":984,"_stem":985,"_extension":50},"/en-us/the-source/authors/rschulman",{"layout":9},{"title":969},"Robin Schulman",[971,980],{"componentName":501,"type":501,"componentContent":972},{"config":973,"name":969,"role":975,"bio":976,"headshot":977},{"gitlabHandle":974},"robin","Chief Legal Officer","Robin Schulman is the Chief Legal Officer, Head of Corporate Affairs, and Corporate Secretary of GitLab Inc., the DevSecOps platform.",{"altText":969,"config":978},{"src":979},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463437/u2xfbudw1f8hhnkrgaoy.webp",{"componentName":512,"type":512},"rschulman","content:en-us:the-source:authors:rschulman.yml","Rschulman","en-us/the-source/authors/rschulman.yml","en-us/the-source/authors/rschulman",{"_path":987,"_dir":495,"_draft":6,"_partial":6,"_locale":7,"config":988,"seo":989,"content":991,"type":513,"slug":1000,"_id":1001,"_type":46,"title":990,"_source":47,"_file":1002,"_stem":1003,"_extension":50},"/en-us/the-source/authors/sabrina-farmer",{"layout":9},{"title":990},"Sabrina Farmer",[992,999],{"componentName":501,"type":501,"componentContent":993},{"name":990,"role":994,"bio":995,"headshot":996},"Chief Technology Officer","Sabrina Farmer is the Chief Technology Officer at GitLab, where she leads software engineering, operations, and customer support teams to execute the company's technical vision and strategy and oversee the development and delivery of GitLab's products and services.\n\nPrior to GitLab, Sabrina spent nearly two decades at Google, where she most recently served as vice president of engineering, core infrastructure. During her tenure with Google, she was directly responsible for the reliability, performance, and efficiency of all of Google's billion-user products and infrastructure.\n\nA long-time advocate for women in technology, Farmer earned a B.S. in Computer Science at the University of New Orleans, where she established two scholarships to help level the playing field for inclusion and empowerment in technology.",{"altText":990,"config":997},{"src":998},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463377/udmzbjjr5xrcrffdlphx.webp",{"componentName":512,"type":512},"sabrina-farmer","content:en-us:the-source:authors:sabrina-farmer.yml","en-us/the-source/authors/sabrina-farmer.yml","en-us/the-source/authors/sabrina-farmer",{"_path":1005,"_dir":495,"_draft":6,"_partial":6,"_locale":7,"config":1006,"seo":1007,"content":1009,"type":513,"slug":1019,"_id":1020,"_type":46,"title":1008,"_source":47,"_file":1021,"_stem":1022,"_extension":50},"/en-us/the-source/authors/sandra-gittlen",{"layout":9},{"title":1008},"Sandra Gittlen",[1010,1018],{"componentName":501,"type":501,"componentContent":1011},{"config":1012,"name":1008,"role":1014,"headshot":1015},{"gitlabHandle":1013},"sgittlen","Managing Editor, Blog",{"altText":1008,"config":1016},{"src":1017},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463466/r7ckb9h2zr4c2rsz3zlm.png",{"componentName":512,"type":512},"sandra-gittlen","content:en-us:the-source:authors:sandra-gittlen.yml","en-us/the-source/authors/sandra-gittlen.yml","en-us/the-source/authors/sandra-gittlen",{"_path":1024,"_dir":495,"_draft":6,"_partial":6,"_locale":7,"config":1025,"seo":1026,"content":1028,"type":513,"slug":1035,"_id":1036,"_type":46,"title":1027,"_source":47,"_file":1037,"_stem":1038,"_extension":50},"/en-us/the-source/authors/sharon-gaudin",{"layout":9},{"title":1027},"Sharon Gaudin",[1029,1034],{"componentName":501,"type":501,"componentContent":1030},{"name":1027,"headshot":1031},{"altText":1027,"config":1032},{"src":1033},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463475/h6j4nnvykzyfzgvl7txb.webp",{"componentName":512,"type":512},"sharon-gaudin","content:en-us:the-source:authors:sharon-gaudin.yml","en-us/the-source/authors/sharon-gaudin.yml","en-us/the-source/authors/sharon-gaudin",{"_path":1040,"_dir":495,"_draft":6,"_partial":6,"_locale":7,"config":1041,"seo":1042,"content":1044,"type":513,"slug":1056,"_id":1057,"_type":46,"title":1043,"_source":47,"_file":1058,"_stem":1059,"_extension":50},"/en-us/the-source/authors/stephen-walters",{"layout":9},{"title":1043},"Stephen Walters",[1045,1055],{"componentName":501,"type":501,"componentContent":1046},{"config":1047,"name":1043,"role":1050,"bio":1051,"headshot":1052},{"gitlabHandle":1048,"linkedInProfileUrl":1049},"swalters1","https://www.linkedin.com/in/1stephenwalters/","Field CTO, GitLab","Stephen Walters is Field CTO for GitLab. Stephen has been in the IT industry for over 30 years. He is an extensively experienced subject matter expert in Value Stream Management, DevSecOps, DevOps, ALM, SDLC and IT4IT, with management and consultancy experience across end-to-end IT disciplines. Currently also operating as an Ambassador for the DevOps Institute and an Influencer in the Value Stream Management Consortium, he is interested in all things DevOps. Stephen is a co-author of the Value Stream Reference Architectures white paper and is currently pursuing further research into Value Stream Management, Organizational Architecture and AI.",{"altText":1043,"config":1053},{"src":1054},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463392/g6ktk5qb4vcqc9wqjlf9.jpg",{"componentName":512,"type":512},"stephen-walters","content:en-us:the-source:authors:stephen-walters.yml","en-us/the-source/authors/stephen-walters.yml","en-us/the-source/authors/stephen-walters",{"_path":1061,"_dir":495,"_draft":6,"_partial":6,"_locale":7,"config":1062,"seo":1063,"content":1065,"type":513,"slug":1077,"_id":1078,"_type":46,"title":1079,"_source":47,"_file":1080,"_stem":1081,"_extension":50},"/en-us/the-source/authors/taylor-mccaslin",{"layout":9},{"title":1064},"Taylor McCaslin",[1066,1076],{"componentName":501,"type":501,"componentContent":1067},{"config":1068,"name":1064,"role":1071,"bio":1072,"headshot":1073},{"gitlabHandle":1069,"linkedInProfileUrl":1070},"tmccaslin","https://www.linkedin.com/in/taylormccaslin/","Group Manager, Product - Data Science","Taylor McCaslin is the Product Lead for AI/ML at GitLab, where he is responsible for leading the team of product managers who manage the AI Powered and ModelOps stage groups and sets the vision and direction for how to empower GitLab users to leverage data science as part of their DevOps program. Prior to joining GitLab, he held positions at Indeed, Duo Security, and WP Engine.",{"altText":1064,"config":1074},{"src":1075},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463427/trfasilaeasosxfcxmsm.jpg",{"componentName":512,"type":512},"taylor-mccaslin","content:en-us:the-source:authors:taylor-mccaslin.yml","Taylor Mccaslin","en-us/the-source/authors/taylor-mccaslin.yml","en-us/the-source/authors/taylor-mccaslin",1758326282792]