This is why companies are afraid of bug bounties

There is another topic here in the forum, “What would you do if devs refused to fix security holes?”

In addition to this, I’d like to point out that BugCrowd has an “Average Response Time” in each program to provide a rough idea of what you should expect from this program.

Do you, researchers, believe it needs to be more detailed? Would it be a good idea to include an “Average Response Time” for every category P{1…n}?

Do you think it would be useful to have an average time between state changes? This could be “Average Time until Triaging”, “Average Time until Fix”, …