Quickly acknowledging, validating, and resolving submitted issues while recognizing the researcher’s effort is vital for successful vulnerability coordination. This fourth blog in our series on the HackerOne Success Index (HSI) explores response data across nearly 100,000 reports. We found that report resolution time, meaning the elapsed time between submission and closure as resolved, is the main factor impacting the Response Efficiency dimension. Less weight is given to first response time and to the time before a report is triaged or a bounty is awarded. The data offer insights into response best practices and whether to award at resolution or at validation.
Response times in days after submission.
The table above gives the 25th, 50th, and 75th percentiles for the four Response Efficiency inputs across all resolved HackerOne reports, as well as the standard deviation for both top-performers (Response Efficiency Index of 7-10) and the entire platform.
Key findings from the data:
Our data show that some programs prefer to pay their bounties when a vulnerability is validated, while others pay when it is resolved.
The data show that about 50% of HackerOne programs award at resolution, 18% at validation, and 34% choose when to award on a case-by-case basis. While we generally recommend consistency, there are a couple of scenarios where it might make sense to be flexible on when you award bounties:
As always, we welcome any questions or feedback. Our next installment will look at the HackerOne Success Index dimensions of Researcher Depth and Breadth.
– HackerOne Customer Success and Data Science team