Patch Development Time Statistics
In my security advisories I keep a record of the time a vendor or open source project needed to provide a
fix or patch for the vulnerability I reported. I call this the patch development time.
Here are some patch development time statistics for the vulnerabilities I have reported so far:
Average patch development time:
(How long does it take to fix a vulnerability?)
Average patch development time: 99.9 days
Total number of vulnerabilities: 30
Average patch development time of open source software projects:
(How long does it take open source projects to patch vulnerabilities?)
Average patch development time: 8.6 days
Total number of vulnerabilities: 12
Average patch development time of commercial software vendors:
(How long does it take commercial software vendors to patch vulnerabilities?)
Average patch development time: 160.8 days
Total number of vulnerabilities: 18