A walk through Project Zero metrics

Post Syndicated from original https://lwn.net/Articles/885581/

Google's Project Zero blog looks at how quickly the vulnerabilities it has reported over the last three years have been fixed.

From this, we can see a few things: first of all, the overall time
to fix has consistently been decreasing, but most significantly
between 2019 and 2020. Microsoft, Apple, and Linux overall have
reduced their time to fix during the period, whereas Google sped up
in 2020 before slowing down again in 2021. Perhaps most
impressively, the others not represented on the chart have
collectively cut their time to fix in more than half, though it’s
possible this represents a change in research targets rather than a
change in practices for any particular vendor.

The report also says that Linux vulnerabilities were fixed more quickly than those of any other vendor.