It is always good to know about the existence of a vulnerability as soon as possible. Mean time to detect is a metric that essentially measures how long it would take before a vulnerability gets detected, throughout the organization. Ideally, it would be best to have the least value for this metric. For example, if a heart-bleed vulnerability got published today, then how long would it take to determine all the affected systems throughout the organization? Data for this metric can be published and compared on a quarterly basis, with the value for every quarter ideally lesser than the previous one.