Program metrics show how healthy a program is. They enable hackers to see various statistics regarding:
The metrics are displayed on the right side of the program's security page.
Displaying Program Metrics
To display program metrics on your security page:
Go to Program Settings > Program > Customization > Metrics Display.
Select the statistics you want to display on your security page.
Response Efficiency Metrics
Response efficiency metrics include:
Average time to first response
Average time to triage
Average time to resolution
Average time to bounty
The averages are calculated by the last 90 days. These metrics give hackers a better idea of how responsive a program is. Learn more about response efficiency metrics.
Program statistics are calculated over a program’s lifetime. They set realistic expectations with hackers and security teams for how active your program is. Within the program statistics section of your security page, hackers can view:
Total bounties paid
Total bounties paid can be a strong indicator that a bounty program is active and healthy.
The average bounty serves as rough guidance for how much a hacker can expect in return for a valid report. It's displayed as a range from the 45th to 55th percentile.
Top bounty range
Displayed as a range from the 90th to 100th percentile.
The total number of valid reports that have been resolved.
The total number of hackers that have submitted valid reports.