Google Project Zero: 95.8% of All Bug Reports Are Fixed Before Deadline Expires

The Google Project Zero team said that around 95.8% of the security bugs they find in other software and report to their respective vendors get fixed before the 90-day deadline for a public disclosure expires. From a report: That’s quite the batting average for one of world’s most infamous cybersecurity programs. In a statistic shared on Wednesday, Google’s elite security team said that during its whole history — from July 17, 2014, when Project Zero was created and until July 30, this week — its researchers found and reported a total of 1,585 vulnerabilities to a wide range of hardware and software vendors. Of these, Google said that vendors failed to deliver a patch before the final deadline expired only for 66 reports. As a result, its researchers were forced to make vulnerability technical details public before a fix was made available to users.