Program Metrics

Organizations: Learn how healthy your program is and show hackers

Updated this week

Program metrics show how healthy a program is. They enable hackers to see various statistics regarding:

The metrics are displayed on the right side of the program's security page.

Displaying Program Metrics

To display program metrics on your security page:

  1. Go to Program Settings > Program > Customization > Metrics Display.

  2. Select the statistics you want to display on your security page.

  3. Click Update.​

Response Efficiency Metrics

Response efficiency metrics include:



Avg time to first response

The average time it takes for a first response to be placed on a report.

Avg time to triage

The average time it takes for reports to be triaged.

Avg time to close

The average time it takes for reports to be closed.

Avg time to bounty

The average time it takes between triaging a report and awarding a bounty.

Avg time from submission to bounty

The average time between submitting a report and awarding a bounty.

The averages are calculated by the last 90 days. These metrics give hackers a better idea of how responsive a program is. Learn more about response efficiency metrics.

Program Statistics

Program statistics are calculated over a program’s lifetime. They set realistic expectations with hackers and security teams for how active your program is. Within the program statistics section of your security page, hackers can view:



Total bounties paid

Total bounties paid can be a strong indicator that a bounty program is active and healthy.

Average bounty

The average bounty serves as rough guidance for how much a hacker can expect in return for a valid report. It's displayed as a range from the 45th to 55th percentile.

Top bounty range

Displayed as a range from the 90th to 100th percentile.

Bounties paid in the last 90 days

The total amount of awarded bounties in the last 90 days helps hackers choose healthy, active targets.

Reports received in the last 90 days

The total number of reports submitted in the last 90 days.

Last report resolved

The time that has passed since the last report was resolved.

Reports resolved

The total number of valid reports that have been resolved.

Hackers thanked

The total number of hackers that have submitted valid reports.

Note: Any reports filed by a security team's members will not be reflected in the metrics.

Did this answer your question?