Metrics that matter (aligned to SLOs)

We keep metrics simple and SLO‑centric, so they’re easy for execs and procurement to follow.


On‑SLO% (by severity)

Share of findings fixed within the agreed window (e.g., S1 = 14 days). Primary north‑star.

SLO Breach Rate

Percentage of findings that exceeded the window. We drive this down and keep it down.

MTTR (overall & by severity)

Mean Time To Resolve. Our goal: MTTR stays below each severity’s SLO window and improves over time.

Example: If S1 SLO is 14 days, a good target is MTTR(S1) ≲ 7–10 days in steady state.

Percentiles (p50 / p90) — optional

p50 (median): 50% of fixes take this long or less. p90: 90% of fixes take this long or less. Useful to catch long‑tail delays, but SLOs remain primary.

Concrete example (S1 with 14‑day SLO)

You have 100 S1 findings this month. We close 70 in 7 days and the remaining 30 in 13 days.

  • MTTR(S1): (70×7 + 30×13) / 100 = (490 + 390) / 100 = 8.8 days (comfortably < 14‑day SLO)
  • On‑SLO%(S1): 100%, because every finding closed within 14 days. Any finding that exceeds 14 days counts against this metric.
  • p50/p90 (optional): p50 ≈ 7 days; p90 ≈ 13 days in this scenario.

We report these monthly by severity and for the overall program.
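The sketch below is an added example, not part of the original page or any vendor tooling: it computes On‑SLO%, SLO Breach Rate, MTTR and nearest‑rank p50/p90 per severity from closed findings. The S1 data reproduces the scenario above; the S2 window of 30 days and the S2 data are constructed assumptions, chosen to show MTTR sitting under the window while the breach rate and p90 expose a long tail.

```python
import math
from collections import defaultdict

# SLO windows in days. S1 = 14 comes from the page; S2 = 30 is an assumed value.
SLO_DAYS = {"S1": 14, "S2": 30}

def percentile(sorted_days, p):
    """Nearest-rank percentile: smallest value with at least p% of fixes at or below it."""
    rank = max(1, math.ceil(p * len(sorted_days) / 100))
    return sorted_days[rank - 1]

def slo_report(findings):
    """findings: iterable of (severity, days_to_resolve) for closed findings."""
    by_sev = defaultdict(list)
    for sev, days in findings:
        by_sev[sev].append(days)
    report = {}
    for sev, days in by_sev.items():
        days.sort()
        n = len(days)
        # A finding is on-SLO when it was resolved within the severity's window.
        on_slo = sum(1 for d in days if d <= SLO_DAYS[sev])
        report[sev] = {
            "count": n,
            "on_slo_pct": round(100 * on_slo / n, 1),
            "breach_rate_pct": round(100 * (n - on_slo) / n, 1),
            "mttr_days": round(sum(days) / n, 1),
            "p50_days": percentile(days, 50),
            "p90_days": percentile(days, 90),
        }
    return report

# Constructed sample data: the page's S1 scenario (70 closed in 7 days, 30 in 13),
# plus a hypothetical S2 set where 4 of 20 findings took 45 days.
SAMPLE = ([("S1", 7)] * 70 + [("S1", 13)] * 30
          + [("S2", 10)] * 16 + [("S2", 45)] * 4)

if __name__ == "__main__":
    for sev, row in sorted(slo_report(SAMPLE).items()):
        print(sev, row)
```

In the constructed S2 set, MTTR is 17 days against a 30‑day window, yet one in five findings breached and p90 is 45 days, which is why On‑SLO% stays the primary measure.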
