Date: 2022-02-22

Project Zero, Google's cybersecurity research team, recently published a report that analyzed the responsiveness of software vendors to notification of security vulnerabilities over three years.

Linux, compared to other projects and companies such as Apple, Microsoft, Oracle, Samsung, Mozilla and Google itself, has the best performance against the reports received, according to the analysis, which covers the work of Project Zero between January 2019 and December 2021.

Linux fixes its zero-day vulnerabilities faster

This team of Google employees specializes in so-called zero-days: security vulnerabilities that have no security patches because they had not been discovered before. This is why a timely response from those responsible for the security of a piece of software matters, since these are not problems that can be reduced to simple adjustments.

When Project Zero finds a bug, it notifies the developers or software maintainers and gives them 90 days to fix it before making it public, so as not to amplify the danger. If the fix proves difficult, in the face of really complex problems, it can grant an additional 14 days of grace, provided the vendor ensures that a patch with the definitive correction will be in place before the 104 days are up.

Of a total of 376 problems detected on platforms from different companies, the report reveals that a large number of the main software providers manage to respond adequately before the first 90-day period expires.

Of the bugs reported, 351, or 93.4% of the total, received a patch. 14 bugs, 3.7% of the total, were marked as WontFix ("not repairable"), and 11 others, 2.9%, remained uncorrected at the time the figures were released.

In addition, most of the reports focus on three large companies. Apple accounts for the largest number of reported flaws, with 85 bugs; followed by Microsoft with a similar figure, 80 bugs; and then Google, with 56.

Linux, for its part, was the fastest in the study to correct security flaws, taking an average of 25 days to fix the reported bugs. It took Apple an average of 69 days to address these issues, followed by Microsoft at an average of 83, Google at 44, Samsung at 72, Adobe at 65, Mozilla at 46, and Oracle at 109.

In presenting the report, Project Zero said it will continue to repeat this exercise, as a practice of transparency and to encourage software developers to maintain safe digital spaces for their users.