Over the last five years of #curl's bug-bounty we have received 489 submissions. For these 489 submissions the *median* first-response time has been, as calculated by Hackerone: 0 (zero) hours. If this does not ooze of awesomeness from a security team I don't know what does.
I presume they round or truncate to the nearest integer hour. Still means more than half of them got answered within an hour. Whenever or from wherever they were filed.
We take security seriously.