Metrics

This category is for counts, rates, timelines, and trends that are safe to publish without exposing raw cases.

Suitable Metrics

Advisory counts by status.
Median coordination timeline.
Finding classes by broad taxonomy.
Publication volume by period.

Unsuitable Metrics

Client-identifying counts without permission.
Small-cell data that can deanonymize cases.
Open uncoordinated vulnerability counts.
Target-specific operational detail.

Review Boundary

Metrics should describe public process without leaking private cases. Counts and timelines must be broad enough to avoid identifying reporters, vendors, or unresolved findings. If a metric cannot be explained without exposing a sensitive case, it should remain internal until aggregation is safe.

Preferences

Display

Accessibility

Metrics

Suitable Metrics

Unsuitable Metrics

Review Boundary

Suitable Metrics​

Unsuitable Metrics​

Review Boundary​

Suitable Metrics

Unsuitable Metrics

Review Boundary