The Explore dashboard enables you to compare your response times, submissions, and spend data to those of other programs. This enables you to take a deep dive into your data to see what areas you need to focus on to improve your program. You can also create benchmarks and specify the kinds of programs you want to compare your program to based on program type, industry, and company headcount.

Note: Creating benchmarks is currently only available for Enterprise programs.

To access your response targets dashboard:

  1. Go to Program Dashboard > Explore.
  2. Select the appropriate variables for these fields:
Field Details
Metric What you want to measure.

You can choose from:
  • Response Targets metrics:
  • Submissions metrics
    • Needs more info
    • Resolved
    • Closed as Duplicate
    • Closed as N/A
    • Closed as Informative
    • Closed as Spam
    • Closed
    • Re-opened
    • Triaged
    • Submitted
  • Spend metrics:
    • Number of Bounties Paid
    • Sum of Bounties Paid

    Note: Median is the midpoint of your dataset. We're using the median rather than the average as it prevents your data from being skewed by one-off instances.

    Missed is calculated by the number of reports that were longer than the targets you set for yourself.
  • Severity The rating of how severe a vulnerability is.

    You can choose from:
  • All severities
  • No severity
  • Critical
  • High
  • Medium
  • Low
  • None
  • Start date The date you want to start measuring from.
    End date The date you want to stop measuring from.
    View by How you want to view your data.

    You can choose from:
  • Submission date: The date the report was submitted (displays for all Median time metrics and Submission activity)
  • Resolution date: The date the report was resolved (displays when Median time to resolution is the metric)
  • Interval The time between each data point.

    You can choose from:
  • Week
  • Month
  • Quarter
  • Year
  • Filter You can filter your metrics by:
  • Severities
  • Assets
  • Weaknesses
  • Current report state
  • Disclosed state
  • Engaged by your H1 triage team
  • Custom fields
  • Benchmarks Only available for Enterprise programs

    A filter you can create of different program characteristics that you want to compare your program to.

    Each benchmark is an aggregate measure of data of other programs on HackerOne. All data is anonymous so that no program's data will be exposed.

    Once you’ve specified how you’d like to view your data, you’ll be able to drill-down into your data to see how your program has been performing. You’ll get a holistic view of what is and isn’t going well, and be able to discern what areas need improvement.

    You can also see the list of reports that apply to the metric you’re viewing.

    Use Cases

    Here are some example use cases as to why you might want to use Explore.

    Use Case 1: Analyze your data
    You want to understand how well your team is doing in terms of resolution speed so that you can patch vulnerabilities as quickly as possible, but you don’t have a clear understanding of how your program has been doing over time or what could improve.

    Using Explore, you can view key metrics such as Response times, Submissions, and Spend. From the metrics, you can drill down into specific data spikes and compare yourself to previous time periods.

    Use Case 2: Compare yourself to other programs
    You want to understand how well your company is doing in terms of response speed, but you don’t have a clear understanding of what’s considered a “good” speed. Looking at internal data isn’t enough because you have no idea if the company’s security team is doing well compared to the industry at large.

    By choosing Benchmarks in Explore, you can gain insights to your program performance against aggregated market data against other companies based on program type, industry and company headcount.