Skip to main content



90% of reattacks, comments and incidents will have a median first response time of less than 16 office hours.


All of the following are necessary conditions for the application of the service-level agreements:

  • The group has a Squad Plan.
  • Both the environment and the source code are accessible.
  • Remote access with no human intervention (no captcha, OTP, etc.).
  • There are over 500 reattacks, comments or incidents.


Besides the general measurement aspects, this SLA is measured taking into account the following:

  • Percentages are determined using percentiles.
  • Office hours correspond to twelve-hour business days, as follows: 7 AM - 7 PM (GMT-5).
  • Only reattacks on vulnerabilities reported as closed.