Response SLA | Fluid Attacks Help

Response SLA

Description

At least 90% of reattack requests, comments, events and incidents will receive a first response within a median time of less than 16 office hours.

Criteria

The following conditions must be met for this service-level agreement (SLA) indicator to apply:

  • Your group must have the Advanced plan.
  • Both the source code and its related environment must be accessible.
  • Remote access without human intervention must be enabled (e.g., no CAPTCHA, OTP).
  • Over 500 reattacks, comments, or incidents have been requested, posted, or reported, respectively.

Details

In addition to the general measurement aspects, the following is taken into account to measure this SLA indicator:

  • Percentages are determined using percentiles.
  • Office hours correspond to twelve-hour business days, specifically 7 a.m. to 7 p.m. UTC-5.
  • Only reattacks on vulnerabilities reported as closed are included.

Indicator calculation

Response is calculated as follows:
  • For each individual vulnerability, compute the response time for the last reattack that resulted in the vulnerability being effectively closed (i.e., the vulnerability Status changed from 'Vulnerable' to 'Safe'). If the vulnerability was closed without a previous reattack request, consider this a reattack with a response time of 0. Vulnerabilities with the following closing reasons must be excluded from the calculation: Root moved to another group, root or environment deactivated, and exclusion.
  • Compute the response times for incidents reported to help@fluidattacks.com.
  • Compute the response time for each comment on a vulnerability.
  • Compute the response time for each comment on a event.
  • Calculate the response time for each verification request on an event:
    • Time is measured from the moment the verification is requested to the moment it is responded to (either verified as solved or unsolved).
    • If the closure was proactive by Fluid Attacks (i.e., no verification request was made), assign a response time of 0.
  • Merge the response times calculated in steps 1, 2, 3, 4, and 5 into a single dataset.
  • Exclude the top decile (top 10%) of response times and compute the median for the remaining values.
Free trial message
Free trial
Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.