Program metrics show how healthy a program is. They enable hackers to see various statistics regarding:
Program Information
The metrics are displayed on the right side of the program's security page.
Displaying Program Metrics
To display program metrics on your security page:
Go to Program Settings > Program > Customization > Metrics Display.
Select the statistics you want to display on your security page.
Click Update.
Response Efficiency Metrics
Response efficiency metrics include:
Item | Details |
Avg time to first response | The average time it takes for a first response to be placed on a report. |
Avg time to triage | The average time it takes for reports to be triaged. |
Avg time to close | The average time it takes for reports to be closed. |
Avg time to bounty | The average time it takes between triaging a report and awarding a bounty. |
Avg time from submission to bounty | The average time between submitting a report and awarding a bounty. |
The averages are calculated by the last 90 days. These metrics give hackers a better idea of how responsive a program is. Learn more about response efficiency metrics.
Program Statistics
Program statistics are calculated over a program’s lifetime. They set realistic expectations with hackers and security teams for how active your program is. Within the program statistics section of your security page, hackers can view:
Item | Details |
Total bounties paid | Total bounties paid can be a strong indicator that a bounty program is active and healthy. |
Average bounty | The average bounty serves as rough guidance for how much a hacker can expect in return for a valid report. It's displayed as a range from the 45th to 55th percentile. |
Top bounty range | Displayed as a range from the 90th to 100th percentile. |
Bounties paid in the last 90 days | The total amount of awarded bounties in the last 90 days helps hackers choose healthy, active targets. |
Reports received in the last 90 days | The total number of reports submitted in the last 90 days. |
Last report resolved | The time that has passed since the last report was resolved. |
Reports resolved | The total number of valid reports that have been resolved. |
Hackers thanked | The total number of hackers that have submitted valid reports. |
Note: Any reports filed by a security team's members will not be reflected in the metrics.