top | item 37570410


rtev | 2 years ago

The reason you see so many critical Gitlab security fixes is because they take security so seriously.

They pay huge bounties for security vulnerabilities in their products, so they get the best researchers responsibly disclosing bugs.


skc | 2 years ago

This sounds like bias. Replace "Gitlab" with "Microsoft" or "Oracle" in your comment and I'd wager you'd feel differently.

rtev | 2 years ago

I don’t think it is.

Microsoft has a track record for delaying fixes and marking important issues as “not a bug”, so I’m less impressed with their security.

As terrible a corporation as Oracle is, their security response team has been one of the most effective and fast-paced I’ve ever reported to. With that said, they pay nothing to researchers, so Gitlab certainly shows they care more about security.

glintik | 2 years ago

Nice hypothesis, but far from reality.

mattl | 2 years ago

GitLab also releases very frequently, at minimum once a month with a whole new release. Between releases there are usually two or three updates, but occasionally more.