Public Project Performance Metrics

Project performance metrics are integrated into the explore page on our website. As you scroll through the table that lists the projects on our platform, you will see information for a few key performance metrics on each project. This information includes:

• Max Bounty: The maximum bounty that is currently being offered by the project.
• Total Paid: The total amount of money that the project has paid out for bug bounty rewards.
• Median Resolution Time: The median time for a project to resolve a report (i.e. time for a report to be advanced from ‘Escalated’ to either the ‘Closed’ or ‘Paid’ status).
• Last Update: The day that the project’s bug bounty program was last updated.

Furthermore, the table itself contains a header that allows users to sort projects based on any of the categories listed above. For example, by clicking ‘Max Bounty’ a user can sort projects based on which ones are currently offering the highest or the lowest maximum bounties.

You can see the date/time that the metrics were last updated at the top of the ‘Explore Bounties’ page.

This feature benefits projects by allowing them to compare themselves to others based on the aforementioned metrics. Projects who feel they are not receiving enough submissions can use this information to identify areas that need improvement and make bug bounty programs more attractive to whitehats.

Enabling/Disabling Your Performance Metrics

By default, your ‘Total Paid’ and ‘Median Resolution Time’ metrics are disabled, which means that no one can see these metrics when they are browsing the explore page. If you would like to enable one or both of these metrics, simply go to the project settings menu and click the ‘Metrics’ tab. There you can enable these metrics by clicking the appropriate slider.

Please note that while you will see your project’s metrics updated in real time in your project settings, the metrics on the ‘Explore Bounties’ page will only be updated after a two week delay.

Remember, whitehats prefer projects that have a track record of rewarding good submissions in a timely manner, so enabling these metrics can be a good way of making your bug bounty program stand out.