Depth

The program owner who is reading your report knows about your vulnerability as much as you and your report describes it. The report should focus deeply on the technical aspects of the vulnerability and not brag about them here and there. This shows the program owner that you are not just beating about the bush but are clearly trying to help them out with their security.