Linux tops Google's Project Zero charts for fastest bug fixes

The bug hunters at Google's Project Zero team have released their latest time-to-fix data and Linux is smashing the opposition. Between 2019 and 2021 open-source developers fixed Linux issues in an average of 25 days, compared to 83 for Microsoft and Oracle pulling last place at 109 days, albeit from a very low number of cases …

  1. Paul Crawford Silver badge

    2F off

    But by taking a more forceful approach Google seems to be saving itself a lot of headaches. You have to ask – why aren't more people signing up?

    Maybe because many folks don't want to give Google any more information to link accounts up? I have a few emails for spammy stuff and would rather keep them as isolated as practical.

    1. Gene Cash Silver badge

      Re: 2F off

      Because Google demands more personal information, like mobile numbers, which is actually monetarily valuable to them.

      1. Anonymous Coward

        Re: 2F off

        @Gene Cash

        I am assuming you are naive in not knowing that Google already has your telephone number, and if you use Android, well, you have given it to them.

        1. Anonymous Coward

          Re: 2F off

          I don't normally answer my own posts, but downvoted for writing the truth??? I mean seriously?

          1. georgezilla Silver badge

            Re: 2F off

            " ... but downvoted for writing the truth??? ... "

            Happens all the time.

            You haven't noticed it?

            Seriously?

            1. Tilda Rice

              Re: 2F off

              Yup, you will get downvoted for truth telling

              Or preferring Apple over Android

              Or if you don't lean politically left

              Criticising China

              Criticise open source

              Supporting a management view

              Welcome to the demographic :)

              You can probably guess the gender of 99% of posters, their age range, and their personality types.

              No mystery :)

        2. Anonymous Coward

          Re: 2F off

          If someone has called you from their Android phone, they already have your number even if you yourself have no direct relationship with Google, do not use an Android phone yourself, etc.

          They really are scumbag data acquirers.

      2. T. F. M. Reader

        Re: 2F off

        @Gene Cash

        True, but for me there is also another reason: if something happens to my second factor (e.g., phone) and I need to reach my stuff I understand how to restore access, say, at work, where the sysadmin knows me personally. I don't understand how I can convince Google that I am me if they lock me out.

    2. WolfFan Silver badge

      Re: 2F off

      That’s my guess.

    3. Anonymous Coward

      Re: 2F off

      2FA is a hard sell regardless of who the provider is.

      I reckon it's part to do with perceived or real inconvenience and part to do with fear (justified or not) of losing access to your account if losing one of the factors. Just my guess though.

    4. Anonymous Coward

      Re: 2F off

      I think that it might also be because most gmail accounts are used as quasi-disposable addresses that the users fundamentally don't care about, certainly not enough to directly hand over their phone number to Google. If it gets hacked, who cares?

      Plus, 2FA is rather annoying if you are using a desktop email client. It's bad enough travelling abroad with a laptop connected to Gmail, Google seeming to think it unlikely that a Brit might travel to the far east, or France, and disabling access until you login to their website and confirm that was you. Throw in 2FA as well and then you have to have your own SIM in your phone to receive the code, which for a lot of phones means not having a tourist / local SIM. So you're stuck paying exorbitant roaming charges too.

      All in all, I find that Google's security measures truly suck when travelling anywhere slightly more off the beaten track than Dover.

  2. alain williams Silver badge

    Raw bug counts are not very meaningful

    Project Zero is about security vulnerabilities but not all vulnerabilities are equally bad: some are harder to exploit, others have limited impact.

    A vendor should, rightly, prioritise fixing some bugs over others.

    1. DS999 Silver badge

      Re: Raw bug counts are not very meaningful

      As well, some are much more complex than others. Some fixes, like, say, a bounds checking issue, might take a few minutes to find and fix. Others might require a complete rewrite of a function and therefore a lot of testing to ensure that 1) it does everything it did before, 2) the bug is fixed, and 3) new bugs haven't been introduced.

      1. bazza Silver badge

        Re: Raw bug counts are not very meaningful

        We've certainly seen plenty of examples where 2) and 3) aren't achieved...

  3. Joseba4242

    2FA Success?

    They call a reduction in account takeovers of 50% through 2FA a success.

    I'd call this an abject failure.

    Success for me would be 99%+ reduction.

    1. It's just me

      Re: 2FA Success?

      They have 1.8 billion users, so they tried to get an additional 8% of their users to use 2FA and saw a 50% drop in account takeovers. Sounds better than abject failure to me.

  4. bazza Silver badge

    The problem with a magnetic process for generating random values is that, I think, it will be susceptible to influence from external magnetic fields. Overcoming all possible external magnetic influences might be a big challenge...

  5. bazza Silver badge

    Interested to see that Firefox was found to have 8 bugs vs Chrome and Webkit's higher numbers.

    I wonder if that can be attributed to Mozilla's increasing use of Rust? Or did they simply spend less time looking at it?

  6. RyokuMas
    Stop

    Hmmm...

    "Project Zero reported more than 10 times the number of flaws in iOS than in its home operating system..."

    ... funny, that. Especially when the same team decides a known bug for which a fix is being worked on in a competitor's product warrants the same level of severity as breaking the most widely used cryptographic algorithm at the time...
