Vendors are Fixing Security Flaws Faster
2022-02-16 13:00

Google's Project Zero is reporting that software vendors are patching their code faster.

In 2021, vendors took an average of 52 days to fix security vulnerabilities reported from Project Zero.

In addition to the average now being well below the 90-day deadline, we have also seen a dropoff in vendors missing the deadline.

Differences in the amount of time it takes a vendor/product to ship a fix to users reflect their product design, development practices, update cadence, and general processes towards security reports.

We hope that this comparison can showcase best practices, and encourage vendors to experiment with new policies.

We encourage all vendors to consider publishing aggregate data on their time-to-fix and time-to-patch for externally reported vulnerabilities, as well as more data sharing and transparency in general.


News URL

https://www.schneier.com/blog/archives/2022/02/vendors-are-fixing-security-flaws-faster.html