Healthy programs make for happy hackers. Introducing response SLAs

How do you measure the success of your HackerOne program? What are the top things hackers look for from security teams? Ever wonder how your peers at other companies are doing against their key performance indicators?

To answer these questions and more, today we’re launching our new response service level agreement (SLA) features to make it easier for you to maintain a healthy, responsive program.

The response SLA features include:

Response SLA: What hackers expect

As we found in our 2017 Hacker-Powered Security Report, responsive programs attract top hackers and repeat hackers are to thank for the majority of valid reports. But what exactly do hackers expect when it comes to responsiveness?

Through surveying hackers and observing our top performing programs, we’ve been able to identify what a healthy program looks like so all our customers have a blueprint to follow. The table below reflects our recommended best practices and will now be configured by default in your response SLA settings and program health dashboard.

*All times above are in business days

Learn more about response SLA metrics.

Response efficiency indicators: Set expectations with hackers

In addition to the existing response efficiency stats (e.g. average time to first response), we have added a response efficiency indicator to your program’s hacker facing security page. This indicator will communicate your program’s current responsiveness state (based on SLA performance) to better set expectations with hackers looking to submit reports.

Note: This hacker facing response efficiency indicator will not be displayed until February 7th 2018. This “grace period” will allow your program to take action on reports which are violating SLAs and to modify your default SLA settings if desired before the indicator is displayed publicly.

Learn more about response efficiency indicators.

Inbox Labels: Act on priority reports

SLA labels (e.g. SLA fail) and the SLA Violations view in the inbox allow you to easily identify which reports are not meeting your SLAs so you can take quick action.

Learn more about SLA inbox labels.

Program Health Dashboard: Track Your Progress

In the new program health dashboard, programs can see a summary of how they stack up against their own SLA targets and HackerOne’s recommendations.

Program Pausing: Take a break if you need it

Sometimes you need time to take a breather and catch up on existing reports without adding to your workload. Program pausing allows programs to temporarily pause new report submissions. Automated alerts will suggest  pausing if your program dips below defined responsiveness limits.

Learn more about pausing report submissions.

What you can do now

• Improve your health. Identify and take action on reports which most need your urgent attention using the SLA inbox view (Inbox > SLA Violations). Note that we are providing a brief “grace period” (from today until February 7th, 2018) to allow you respond to these reports before the hacker facing response efficiency indicator will be visible.

• Customize your SLAs. Review your response SLAs (Settings > Program > Response SLAs). HackerOne’s recommendations are set as default but admins can modify the settings for your program.

The quantitative display of your program health metrics combined with customizable SLAs that are right for your team will empower you to achieve greater hacker engagement.

Please let us know if you have questions or would like help getting started.

This is good news for hackers, indeed

For all our hackers, we hear you. Slow response times are frustrating. These features will improve the experience for all. More responsive programs means improved communication (which means less likelihood of getting the dreaded duplicate) and quicker payouts.

We aim to empower our community of security teams and hackers with best-in-class tools to improve the vulnerability disclosure process and make the internet safer. Together we hit harder! We’ve already got some good feedback from the community and welcome your input as well!

The response SLA features are brought to you by Nisha, Alexander, Aditi, Jobert, Karen, Feb, David and the HackerOne team.

HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty program solutions encompass vulnerability assessment, crowdsourced testing and responsible disclosure management. Discover more about our security testing solutions or Contact Us today.

Keep your files stored safely and securely with the SanDisk 2TB Extreme Portable SSD. With over 69,505 ratings and an impressive 4.6 out of 5 stars, this product has been purchased over 8K+ times in the past month. At only $129.99, this Amazon’s Choice product is a must-have for secure file storage.

Help keep private content private with the included password protection featuring 256-bit AES hardware encryption. Order now for just $129.99 on Amazon!

Help Power Techcratic’s Future – Scan To Support

If Techcratic’s content and insights have helped you, consider giving back by supporting the platform with crypto. Every contribution makes a difference, whether it’s for high-quality content, server maintenance, or future updates. Techcratic is constantly evolving, and your support helps drive that progress.

As a solo operator who wears all the hats, creating content, managing the tech, and running the site, your support allows me to stay focused on delivering valuable resources. Your support keeps everything running smoothly and enables me to continue creating the content you love. I’m deeply grateful for your support, it truly means the world to me! Thank you!