Description
At least 90% of reattack requests, comments, and incidents will receive a first response within a median time of less than 16 office hours.
Criteria
The following conditions must be met for this service-level agreement (SLA) indicator to apply:
- Your group must have the Advanced plan.
- Both the source code and its related environment must be accessible.
- Remote access without human intervention must be enabled (e.g., no CAPTCHA, OTP).
- Over 500 reattacks, comments, or incidents have been requested, posted, or reported, respectively.
Details
In addition to the general measurement aspects, the following is taken into account to measure this SLA indicator:
- Percentages are determined using percentiles.
- Office hours correspond to twelve-hour business days, specifically 7 a.m. to 7 p.m. UTC-5.
- Only reattacks on vulnerabilities reported as closed are included.
Indicator calculation
Response is calculated as follows:
1. For each individual vulnerability, compute the response time for the last reattack that resulted in the vulnerability being effectively closed (i.e., the vulnerability Status changed from 'Vulnerable' to 'Safe'). If the vulnerability was closed by the scanner, consider this a reattack with a response time of 0.
2. Compute the response times for incidents reported to help@fluidattacks.com.
3. Compute the response time for each comment on a vulnerability.
4. Merge the response times calculated in steps 1, 2, and 3 into a single dataset.
5. Exclude the top decile (top 10%) of response times and compute the median for the remaining values.
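The calculation above, carried through on constructed events, as an added example that is not Fluid Attacks' own code. It assumes that Saturdays and Sundays are not business days, that holidays are ignored, and that the top decile is the largest floor(n/10) values; the function names and sample timestamps are hypothetical.

```python
from datetime import datetime, time, timedelta, timezone
from statistics import median

OFFICE_TZ = timezone(timedelta(hours=-5))  # UTC-5, as stated on the page
OPEN, CLOSE = time(7, 0), time(19, 0)      # 7 a.m. to 7 p.m.


def office_hours_between(start, end):
    """Office hours elapsed between two timezone-aware datetimes."""
    start, end = start.astimezone(OFFICE_TZ), end.astimezone(OFFICE_TZ)
    total, day = timedelta(), start.date()
    while day <= end.date():
        if day.weekday() < 5:  # assumption: Saturday and Sunday do not count
            lo = max(start, datetime.combine(day, OPEN, OFFICE_TZ))
            hi = min(end, datetime.combine(day, CLOSE, OFFICE_TZ))
            if hi > lo:
                total += hi - lo
        day += timedelta(days=1)
    return total.total_seconds() / 3600


def indicator(response_hours):
    """Step 5: drop the top decile, then take the median of what remains."""
    ordered = sorted(response_hours)
    kept = ordered[: len(ordered) - len(ordered) // 10]  # assumption: floor(n/10) dropped
    return median(kept)


def at(text, offset_hours=-5):
    """Parse a constructed 'YYYY-MM-DD HH:MM' timestamp at the given UTC offset."""
    tz = timezone(timedelta(hours=offset_hours))
    return datetime.strptime(text, "%Y-%m-%d %H:%M").replace(tzinfo=tz)


def sample_dataset():
    """Steps 1-4 on constructed events: one response time per event, merged."""
    reattacks = [
        office_hours_between(at("2024-03-01 18:00"), at("2024-03-04 09:00")),  # Fri to Mon
        0.0,  # step 1: a vulnerability closed by the scanner counts as 0
    ]
    incidents = [office_hours_between(at("2024-03-05 23:00", 0), at("2024-03-06 13:00", 0))]
    comments = [office_hours_between(at("2024-03-06 10:00"), at("2024-03-06 16:30"))]
    return reattacks + incidents + comments


if __name__ == "__main__":
    print(sample_dataset())             # per-event office hours
    print(indicator(sample_dataset()))  # value compared against the 16-hour target
```

The Friday-evening reattack shows why wall-clock time overstates the response: only the hours inside the 7 a.m. to 7 p.m. UTC-5 window on business days are counted.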