[REVIEW] post-incident-review: add SLO error-budget security linkage gates #2750

@stmr

Skill Being Reviewed

Skill name: post-incident-review
Skill path: skills/incident-response/post-incident-review/

False Positive Analysis

A security incident may have no SLO impact when customer-facing reliability stayed within objective and evidence supports that scope.

Coverage Gaps

The review should link security incidents to SLO/error-budget impact when availability, latency, or integrity commitments are affected. Security fixes can consume reliability budget and change prioritization.

Edge Cases

  • Containment intentionally takes service offline.
  • WAF block reduces attack but increases false positives.
  • Integrity incident affects correctness, not uptime.

Remediation Quality

  • Add fields: affected SLO, error-budget burn, security containment action, customer impact, and follow-up priority.
  • Require product/SRE sign-off when security action affects reliability.
  • Track security-driven reliability debt.

Comparison to Other Tools

SRE tooling tracks budget; PIR must tie security decisions to those metrics.

Overall Assessment

Add SLO linkage gates so incident lessons include reliability and security tradeoffs.

Bounty Info

  • I have read and agree to the CONTRIBUTING.md bounty terms.
  • Preferred payment method: PayPal samik4184@gmail.com
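
A sketch of how the fields and sign-off rule proposed above could be enforced, added here as an illustration and not taken from the post-incident-review skill or the repository. The record type, field names, sample values and the rule that either a product or an SRE sign-off suffices are all assumptions.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class SloLinkage:
    """Hypothetical PIR section; fields mirror the list proposed in the issue."""
    affected_slo: Optional[str]      # None = review claims no SLO impact
    slo_target: float                # e.g. 0.999 availability or correctness
    window_minutes: int              # SLO evaluation window
    bad_minutes: float               # minutes out of objective, incl. intentional containment downtime
    containment_action: str
    containment_hit_reliability: bool
    customer_impact: str
    follow_up_priority: str
    no_impact_evidence: str = ""     # required when affected_slo is None
    signoffs: set = field(default_factory=set)

def error_budget_burn(target: float, window_minutes: int, bad_minutes: float) -> float:
    """Fraction of the window's error budget consumed (1.0 = fully spent)."""
    budget = (1.0 - target) * window_minutes
    if budget <= 0:
        raise ValueError("SLO target leaves no error budget")
    return bad_minutes / budget

def check_gates(pir: SloLinkage) -> list:
    """Return the list of failed gates; an empty list means the PIR passes."""
    failures = []
    for name in ("containment_action", "customer_impact", "follow_up_priority"):
        if not getattr(pir, name).strip():
            failures.append(f"missing field: {name}")
    if pir.affected_slo is None:
        # "No SLO impact" is acceptable only with supporting evidence.
        if not pir.no_impact_evidence.strip():
            failures.append("no SLO impact claimed without evidence")
        if pir.bad_minutes > 0:
            failures.append("bad minutes recorded but no affected SLO named")
    # Assumption: one sign-off from either product or SRE satisfies the gate.
    if pir.containment_hit_reliability and not pir.signoffs & {"product", "sre"}:
        failures.append("containment affected reliability without product/SRE sign-off")
    return failures

# Constructed sample: containment took the service offline for 30 minutes.
SAMPLE = SloLinkage("checkout-availability", 0.999, 30 * 24 * 60, 30.0,
                    "service taken offline to rotate credentials", True,
                    "checkout unavailable for 30 min", "P1")

if __name__ == "__main__":
    print(round(error_budget_burn(SAMPLE.slo_target, SAMPLE.window_minutes, SAMPLE.bad_minutes), 3))
    print(check_gates(SAMPLE))
```

For an integrity incident that affects correctness rather than uptime, `bad_minutes` would count time spent serving incorrect results against a correctness objective.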
