Google: Vendors took an average of 52 days to fix reported security flaws

By Warren B. Obrien
February 11, 2022

Google’s Project Zero published a report covering its work in 2021. It found that vendors take an average of 52 days to fix reported security vulnerabilities.

Between 2019 and 2021, Project Zero researchers reported 376 issues to vendors under its 90-day deadline.

More than 93% of those 376 issues have been fixed, and more than 3% have been marked as “WontFix” by vendors, according to Project Zero.

The researchers added that 11 other bugs remain unfixed and 8 have passed their deadline to be fixed. Microsoft, Apple and Google account for 65% of discovered bugs. Microsoft led the way with 96 bugs, followed by 85 from Apple and 60 from Google.

“Overall, the data shows that almost all the major vendors here arrive in less than 90 days, on average. The bulk of patches during a grace period come from Apple and Microsoft (22 out of 34 total). Vendors missed a deadline and a grace period about 5% of the time during this period,” the Project Zero researchers said.

“In this bracket, Oracle exceeded the highest rate, but admittedly with a relatively small sample size of only about 7 bugs. The next highest rate is Microsoft, which exceeded 4 of its 80 deadlines. [The] average days to fix bugs across all vendors is 61 days.”

Google also provided other stats showing that overall repair time has been steadily decreasing, especially for vendors like Microsoft, Apple, and Linux. All three reduced their repair time between 2019 and 2020 while Google accelerated in 2020 and slowed again in 2021.

In 2021, they noted that only one 90-day deadline was exceeded, a marked decrease from the average of 9 per year in the other two years. The researchers added that the grace period was used 9 times, half of them by Microsoft, slightly below the average of 12.5 in the other years.

When it comes to mobile vulnerabilities, iOS devices had 76 bugs in total, followed by 10 for Samsung Android devices and 6 for Pixel Android devices.

For browsers, Chrome had 40 bugs and an average fix time of 5.3 days. WebKit had 27 bugs and an average fix time of 11.6 days while Firefox had 8 bugs and an average fix time of 16.6 days.

“Chrome is currently the fastest of the three browsers, with a 30-day delay between bug report and release of a fix in the Stable channel. Firefox comes in second in this analysis, but with a relatively low number of data points to analyze a fix on average in 38 days,” the researchers said.

“WebKit is the outlier in this analysis, with the longest days to release a patch at 73 days. Their time to release the patch publicly is in the middle between Chrome and Firefox, but unfortunately that leaves a very long time for opportunistic attackers to find the patch and exploit it before the patch is made available to users.”

Project Zero said the results were a positive development, showing that many vendors are fixing most of the bugs they find. Vendors are also acting faster to fix issues, with Google attributing this to responsible disclosure policies that have become industry standard.

Google has urged all vendors to focus on a “more frequent patch cadence for security issues.”

“We encourage all vendors to consider publishing aggregate data on their time to fix and time to fix for externally reported vulnerabilities. Through more transparency, information sharing and collaboration across the industry, we believe we can learn from each other’s best practices, better understand the challenges that exist, and hopefully make the internet a safer place for everyone,” Project Zero said.
