| ▲ | gjfr 2 days ago | |
Interesting! We did a similar analysis on Content Security Policy bugs in Chrome and Firefox some time ago, where the average bug-to-report time was around 3 years and 1 year, respectively. https://www.usenix.org/conference/usenixsecurity23/presentat... Our bug dataset was way smaller, though, as we had to pinpoint all bug introductions unfortunately. It's nice to see the Linux project uses proper "Fixes: " tags. | ||
| ▲ | staticassertion a day ago | parent [-] | |
> It's nice to see the Linux project uses proper "Fixes: " tags. Sort of. They often don't. | ||