Average Response Efficiency Metrics
HackerOne displays a program's average response efficiency metrics on the security page to enable hackers to see how responsive your program is about:
giving a first response
paying out a bounty
resolving a vulnerability
The average times are calculated on a rolling 3-month basis, and you can configure which metrics to display in Program Settings > Customizations > Metrics Display.
Indicator Details
The Program Highlights section and right sidebar will also display the program's response efficiency as a percentage.
How are the percentages calculated?
Response efficiency shows the percentage of reports from the past 90 days that met their targets for time to first response and time to triage. It’s calculated as 100% minus the percentage of reports that missed these targets.
If a report violated response standards at some point during the last 90 days but no longer violates the standards, it still counts toward the # of reports that didn't meet response standards.
A single report can violate both the response standards for Time to First Response and Time to Triage, but each report can only count once as a report that didn't meet the response standards.
A colored indicator accompanies the percentage of reports that meet response standards. Below are the indicator types and criteria:
Indicator Type | Criteria |
Green | ≥ 75% of reports meet response standards |
Yellow | < 75% and ≥ 25% of reports meet response standards |
Red | < 25% of reports meet response standards |