Program metrics show how healthy a program is. They enable hackers to see various statistics regarding program information, efficiency, and statistics. The metrics are displayed on the program's security page.
Response Efficiency Metrics
Response efficiency metrics include:
Item | Details |
Avg time to first response | The average time it takes for a first response to be placed on a report. |
Avg time to triage | The average time it takes for reports to be triaged. |
Avg time to close | The average time it takes for reports to be closed. |
Avg time to bounty | The average time it takes between triaging a report and awarding a bounty. |
Avg time from submission to bounty | The average time between submitting a report and awarding a bounty. |
The averages are calculated by the last 90 days. These metrics give hackers a better idea of how responsive a program is. Learn more about response efficiency metrics.
The Program Highlights section and right sidebar will also display the program's response efficiency as a percentage. Response efficiency shows the percentage of reports from the past 90 days that met their targets for time to first response and time to triage. It’s calculated as 100% minus the percentage of reports that missed these targets.
Program Statistics
Program statistics are calculated over a program’s lifetime. They set realistic expectations for hackers and security teams regarding how active your program is. Within the program statistics section of your security page, hackers can view:
Item | Details |
Total bounties paid | Total bounties paid can be a strong indicator that a bounty program is active and healthy. |
Average bounty | The average bounty serves as rough guidance for how much a hacker can expect in return for a valid report. |
Top bounty range | Highest bounties the hacker can expect. |
Bounties paid in the last 90 days | The total amount of awarded bounties in the last 90 days helps hackers choose healthy, active targets. |
Reports received in the last 90 days | The total number of reports submitted in the last 90 days. |
Last report resolved | The time that has passed since the last report was resolved. |
Reports resolved | The total number of valid reports that have been resolved. |
Hackers thanked | The total number of hackers that have submitted valid reports. |
Assets in Scope | How many assets are available to be hacked on. |
Note: Any reports filed by a security team's members will not be reflected in the metrics.
Displaying Program Metrics
To display program metrics on your security page:
Go to Program Settings > Customizations > Metrics Display.
Select the statistics you want to display on your security page.
Click Update.
