90% of reattacks, comments and incidents will have a median first response time of less than 16 office hours.
All of the following are necessary conditions for the application of the service-level agreements:
- The group has a Squad Plan.
- Both the environment and the source code are accessible.
- Remote access with no human intervention (no captcha, OTP, etc.).
- There are over 500 reattacks, comments or incidents.
Besides the general measurement aspects, this SLA is measured taking into account the following:
- Percentages are determined using percentiles.
- Office hours correspond to twelve-hour business days, as follows: 7 AM - 7 PM (GMT-5).
- Only reattacks on vulnerabilities reported as closed.