Skip to main content

Response SLA


90% of reattacks, comments and incidents will have a median first response time of less than 16 office hours.


All of the following are necessary conditions for the application of the service-level agreements:

  • The group has the Advanced plan.
  • Both the environment and the source code are accessible.
  • Remote access with no human intervention (no captcha, OTP, etc.).
  • There are over 500 reattacks, comments or incidents.


Besides the general measurement aspects, this SLA is measured taking into account the following:

  • Percentages are determined using percentiles.
  • Office hours correspond to twelve-hour business days, as follows: 7 AM - 7 PM (GMT-5).
  • Only reattacks on vulnerabilities reported as closed.

Indicator calculation

  • For each location, compute the response time for the last reattack request that ended in effective vulnerability close. Consider closes performed by Machine as reattacks with time to respond = 0.
  • Compute the reply time for incidents reported to [email protected]
  • Compute the response time for each vulnerability comment.
  • Merge the response times computed in 1, 2 and 3 in a single dataset.
  • Exclude the top decile of response times and compute the median for the remaining values.