Who Writes the Bugs? A Deeper Look at 125,000 Kernel Vulnerabilities
pebblebed.com
March 4, 2026
17 min read
🔥🔥🔥🔥🔥
46/100
Summary
An analysis of 125,000 kernel vulnerabilities reveals that bugs remain undetected for an average of 2.1 years, with race conditions lasting over twice as long as other types. VulnBERT has been developed to identify these vulnerabilities at the commit stage.
Key Takeaways
- Weekend commits are less likely to introduce vulnerabilities but take 45% longer to fix compared to weekday commits.
- Intel contributes the most kernel bugs due to their extensive code contributions.
- 117 super-reviewers exist who catch bugs nearly twice as fast as the average, with an average bug fix lifetime of 1.1 years compared to the global average of 2.1 years.
- Process improvements could potentially reduce the average bug lifetime by 35%.
Community Sentiment
Positives
- The collaborative nature of the kernel development, with significant contributions from individuals, highlights the strength of community involvement in open-source projects.
Concerns
- The analysis lacks actionable insights, leaving readers questioning how to address the identified vulnerabilities effectively.
- Concerns about the severity of bugs in critical systems, like automotive software, raise alarms about safety and reliability.