Help Center

Response Targets on Security Pages

We display a summarized version of a program’s response efficiency metric performance on their hacker facing security page. This enables you to set more realistic expectations with hackers regarding the amount of time it will take them to receive a first response, be paid a bounty, etc..

Average Response Efficiency Metrics

A program’s performance average response efficiency metrics (calculated using a rolling 3 month average) are displayed on its security page. You can configure which metrics to display in Settings > Program > Metrics Display.


Response Efficiency Indicator

A program’s performance against HackerOne's response standards (Time to First Response = 5 business days; Time to Triage = 10 business days) is displayed on its security page and report submission page. This provides additional context to potential hackers when they're looking to submit reports to your program.


Indicator Details

How are the percentages calculated? 

  • The percentage is determined by this calculation: ((1-(# of reports that didn't meet response standards / # of total reports created))* 100)
  • The percentage of reports that meet response standards is based on reports created within the last 90 days. 
  • If a report violated response standards at some point during the last 90 days but is no longer violating the standards, it'll still count towards the # of reports that didn't meet response standards.
  • A single report can violate both the response standards for Time to First Response and Time to Triage but each report can only count once as a report that didn't meet the response standards. 

A colored indicator accompanies the percentage of reports that meet response standards. Below are the indicator types and criteria:

Indicator Type



≥ 75% of reports meet response standards


< 75% and ≥ 25% of reports meet response standards


< 25% of reports meet response standards



Have more questions? Submit a request
Powered by Zendesk