Study of 20 years of kernel history finds bugs hide for 2+ years on average, some for decades.

It was not too long ago we talked about the first Rust CVE in the Linux kernel, which caused system crashes. That same day, 159 other CVEs were issued for C code. While that shows progress with Rust, it also highlights something more concerning; the kernel has bugs that hide for years before anyone finds them.

A research blog published on Pebblebed demonstrates how bugs often stay hidden for years before they are discovered and fixed.