-->
| Quick Links | :link: |
| ------------------------ | ----------------------------------------------- |
-| Incident Manager: | @user |
+| Incident Manager: | @user (assigned SwEng person) |
| Public Disclosure Date: | YYYY-MM-DD |
| CVSS Score: | [0.0][cvss_score_url] |
| CWE: | [CWE-NNN][cwe_category_url] |
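Review bot: The first-column label on the changed row still reads `Incident Manager:` while the new value calls the same person "assigned SwEng person", so the table now carries two names for one role. Rename the label to match, or keep the role name in the value. The parenthetical also sits inside the cell that gets overwritten with a real handle, so it is likely to be left behind in filed issues; the hint would be safer in the comment block that closes just above the table.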
### Before Code Freeze
- - [ ] [:link:][step_respond] **(IM)** Respond to the bug reporter
+ - [ ] [:link:][step_respond] **(SwEng)** Respond to the bug reporter
- [ ] [:link:][step_public_mrs] **(SwEng)** Ensure there are no public merge requests which inadvertently disclose the issue
- [ ] [:link:][step_coordinate_cve_id] **(SwEng)** Check if we need to coordinate with other vendors (an industry-wide CVE identifier might be necessary)
- - [ ] [:link:][step_assign_cve_id] **(IM)** Assign a CVE identifier
+ - [ ] [:link:][step_assign_cve_id] **(SwEng)** Assign a CVE identifier
- [ ] [:link:][step_note_cve_info] **(SwEng)** Update this issue with the assigned CVE identifier, the CVSS score, and the CWE category
- [ ] [:link:][step_versions_affected] **(SwEng)** Determine the range of product versions affected (including the Subscription Edition)
- [ ] [:link:][step_workarounds] **(SwEng)** Determine whether workarounds for the problem exist
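Review bot: With `step_respond` and `step_assign_cve_id` retagged, every visible step in "Before Code Freeze" is now **(SwEng)**, so the tag no longer says whether the step belongs to the single person named in the Quick Links row or to any engineer. Responding to the reporter and assigning the CVE identifier are steps where one named owner matters; consider a distinct tag for the assigned engineer on these two lines, or state in the template that **(SwEng)** always means the person listed in Quick Links.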
### On the Day of Public Disclosure
- - [ ] [:link:][step_clearance] **(IM)** Grant QA & Marketing clearance to proceed with public release
+ - [ ] [:link:][step_clearance] **(SwEng)** Grant QA & Marketing clearance to proceed with public release
- [ ] [:link:][step_matrix] **(Support)** (BIND 9 only) Add the new CVEs to the vulnerability matrix in the Knowledge Base
- [ ] [:link:][step_bump_advisory] **(Support)** Bump Document Version for the Security Advisory in Printing Press
- [ ] [:link:][step_publish_advisory] **(Support)** Publish the Security Advisory in the Knowledge Base
- [ ] [:link:][step_notifications] **(First IM)** Send notification emails to third parties
- [ ] [:link:][step_mitre] **(First IM)** Advise MITRE about the disclosed CVEs
- [ ] [:link:][step_merge_advisory] **(First IM)** Merge the Security Advisory merge request
- - [ ] [:link:][step_embargo_end] **(IM)** Inform original reporter (if external) that the security disclosure process is complete
+ - [ ] [:link:][step_embargo_end] **(SwEng)** Inform original reporter (if external) that the security disclosure process is complete
- [ ] [:link:][step_evn_clear] **(Support)** Update the tickets in the EVN queues in RT that the embargo is lifted
- [ ] [:link:][step_customers] **(Marketing)** Ensure that a ticket has been sent in the appropriate announce queue in RT to notify customers that the release is published (as outlined in the release checklist)
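Review bot: The three **(First IM)** steps (`step_notifications`, `step_mitre`, `step_merge_advisory`) are left untouched while `step_clearance` and `step_embargo_end` move from **(IM)** to **(SwEng)**, so after this change "IM" appears only inside "First IM" in the visible checklist. Either retag those three lines in the same change or add a short definition of "First IM", otherwise it is unclear who sends the third-party notifications and advises MITRE on disclosure day.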