{"id":434634,"date":"2022-02-21T12:24:17","date_gmt":"2022-02-21T10:24:17","guid":{"rendered":"https:\/\/mybroadband.co.za\/news\/?p=434634"},"modified":"2022-02-21T12:29:57","modified_gmt":"2022-02-21T10:29:57","slug":"linux-developers-faster-at-fixing-security-bugs-than-microsoft-and-apple","status":"publish","type":"post","link":"https:\/\/mybroadband.co.za\/news\/security\/434634-linux-developers-faster-at-fixing-security-bugs-than-microsoft-and-apple.html","title":{"rendered":"Linux developers faster at fixing security bugs than Microsoft and Apple"},"content":{"rendered":"

Linux developers take less time to patch security vulnerabilities than the teams at large software companies \u2014 including Microsoft, Apple, and Google.<\/p>\n

That is according to Google’s Project Zero<\/strong><\/a>, a research initiative that reports security vulnerabilities to the largest software vendors and assesses their performance in addressing them based on a 90-day deadline.<\/p>\n

Vendors can also request a 14-day grace period if they confirm a plan to release the fix by the end of the 104-day window.<\/p>\n

In their latest post, Project Zero assessed the vendors’ reactions to 376 bugs reported between January 2019 and December 2021.<\/p>\n

Most of the vulnerabilities were clustered around a few vendors, including 96 from Microsoft, 85 from Apple, and 60 in Google products.<\/p>\n

Overall, 351 bugs were fixed, while 14 were marked as WontFix by the vendors.<\/p>\n

Eleven of the bugs remained unfixed, of which eight had passed the deadline for fixing, and three were still within the deadline.<\/p>\n

Improvement in patch time<\/h3>\n

According to the researchers, vendors took an average of 52 days to fix their security vulnerabilities, a marked improvement over the 80 days it took three years ago.<\/p>\n

There was also a dropoff in vendors missing the deadline or the additional 14-day grace period.<\/p>\n

“In 2021, only one bug exceeded its fix deadline, though 14% of bugs required the grace period,” said Project Zero’s Ryan Schoen.<\/p>\n

The team broke down each vendor’s deadline adherence and fix time, shown in the table below.<\/p>\n

\"\"<\/a><\/p>\n

Notably, only 25 bugs were reported to Linux developers, and 24 were fixed by day 90. Only one exceeded the deadline and grace period.<\/p>\n

But perhaps more impressive was that it only took an average of 25 days for the Linux devs to fix their bugs, far below the average across all vendors.<\/p>\n

This was also much faster than Microsoft and Apple’s average days to fix, which stood at 83 and 69, respectively.<\/p>\n

Of the major vendors, Oracle took the longest to fix bugs, with an average of 109 days.<\/p>\n

In addition, its teams had only managed to fix 3 out of 7 bugs within the 90-day deadline.<\/p>\n

Schoen said the difference in the time it takes a vendor to ship a fix to users reflects their product design, development practices, update cadence, and general processes towards security reports.<\/span><\/p>\n

“We hope that this comparison can showcase best practices, and encourage vendors to experiment with new policies,” Schoen said.\u00a0<\/span><\/p>\n

A full list of Project Zero’s discovered vulnerabilities can be found on the Bug Tracker<\/strong><\/a>.<\/p>\n

Now read: Google nukes two-factor authenticator virus app<\/a><\/h3>\n","protected":false},"excerpt":{"rendered":"

Linux developers take less time to patch security vulnerabilities than the teams at big software companies \u2014 including Microsoft, Apple, and Google.\u00a0<\/p>\n","protected":false},"author":341042,"featured_media":434650,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[27],"tags":[2556,605,167,26080,1799,123,975,3372,645,72230,49767],"class_list":["post-434634","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","tag-adobe","tag-apple","tag-google","tag-google-project-zero","tag-linux","tag-microsoft","tag-mozilla","tag-oracle","tag-samsung","tag-security-patches","tag-security-vulnerabilities"],"_links":{"self":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/434634"}],"collection":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/users\/341042"}],"replies":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/comments?post=434634"}],"version-history":[{"count":1,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/434634\/revisions"}],"predecessor-version":[{"id":434668,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/434634\/revisions\/434668"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media\/434650"}],"wp:attachment":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media?parent=434634"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/categories?post=434634"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/tags?post=434634"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}