Define a target remediation time depending on severity, quickly identifies overdue reports, and track the respect of such engagement over time.
In the platform Admin Panel, at program level (for Bug Bounty, PTM, or VDP), you can configure a Service Level Agreement (SLA) for remediation in days by editing the program. For each severity level, specify the expected time for a vulnerability to be remediate.
When enabled it automatically compute a "due date" from each report's acceptation date (status "Accepted"). The remediation (status "Resolved") must be done before this due date otherwise, the report will be consider "over due". SLA are applied on each report with the policy configured when the report has been created.
In the Vulnerability Center, the SLA column shows an icon if the report is over due (red) or on time (black). The Vulnerability Center table can be filter to display only "On time" or "Overdue" reports.
If it shows a dash "-", it means that there were no SLA enabled when the report has been created, that the report is not valid and open (from the "Accepted" status), or that there is no value set for this report's CVSS.
In the Report view, the Due date is also displayed in the top-right corner of the report.
With the SLA feature, keep an eye on your vulnerability reports so that remediations can be applied within the deadlines defined by your organisation.