Kernel bugs hide for 2 years on average. Some hide for 20
There are bugs in your kernel right now that won’t be found for years. I know because I analyzed 125,183 of them: every bug with a traceable Fixes: tag in the Linux kernel’s 20-year git history.

The average kernel bug lives 2.1 years before discovery. But some subsystems are far worse: CAN bus drivers average 4.2 years, SCTP networking 4.0 years. The longest-lived bug in my dataset, a buffer overflow in ethtool, sat in the kernel for 20.7 years. The one I’ll dissect in detail is a refcount leak in netfilter, and it lasted 19 years.

I built a tool that catches 92% of historical bugs in a held-out test set at commit time. Here’s what I learned.

Key findings at a glance

125,183 Bug-fix pairs with traceable Fixes: tags
123,696 Valid records after filtering (0 < lifetime <…
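
The Fixes:-tag measurement described above, as an added example that is not the author's tool: it parses Fixes: trailers from a constructed commit history, resolves each abbreviated hash, and takes the lifetime as fix time minus the time of the commit the tag names. The commit data, the function names, that definition of lifetime, and the grouping by subject prefix are assumptions; only the lower bound of the page's filter (0 < lifetime) is applied, because its upper bound is cut off.

```python
import re
from collections import defaultdict
from statistics import mean

SECONDS_PER_YEAR = 365.25 * 24 * 3600
# Kernel trailer convention: Fixes: <abbreviated sha> ("subject of buggy commit")
FIXES_RE = re.compile(r"^Fixes:\s*([0-9a-f]{8,40})\b", re.MULTILINE | re.IGNORECASE)

# Constructed history (not real kernel commits): (sha, commit epoch seconds, message).
COMMITS = [
    ("a1b2c3d4e5f60718293a4b5c6d7e8f9012345678", 1_000_000_000, "netfilter: add example set\n"),
    ("b7c8d9e0f1a2b3c4d5e6f708192a3b4c5d6e7f80", 1_300_000_000, "can: add example driver\n"),
    ("c0ffee00112233445566778899aabbccddeeff00", 1_315_576_000,
     'netfilter: fix refcount leak\n\nFixes: a1b2c3d4e5f6 ("netfilter: add example set")\n'),
    ("d00dfeed0123456789abcdef0123456789abcdef", 1_363_115_200,
     'can: fix length check\n\nFixes: b7c8d9e0f1a2 ("can: add example driver")\n'),
    # Tag naming a commit outside this history: not traceable, so skipped.
    ("e1e2e3e4e5e6e7e8e9e0f1f2f3f4f5f6f7f8f9f0", 1_400_000_000,
     'sctp: fix example\n\nFixes: deadbeefcafe ("not in this history")\n'),
    # Fix dated before the commit it names (clock skew or wrong tag): lifetime <= 0.
    ("f9f8f7f6f5f4f3f2f1f0e9e8e7e6e5e4e3e2e1e0", 900_000_000,
     'can: early fix\n\nFixes: b7c8d9e0f1a2 ("can: add example driver")\n'),
]

def bug_lifetimes(commits):
    """Return [(fix_sha, buggy_sha, lifetime_years)] for traceable Fixes: tags."""
    times = {sha: ts for sha, ts, _ in commits}
    out = []
    for fix_sha, fix_ts, msg in commits:
        for abbrev in FIXES_RE.findall(msg):
            # Resolve the abbreviated hash by prefix; skip unknown or ambiguous ones.
            hits = [s for s in times if s.startswith(abbrev.lower())]
            if len(hits) != 1:
                continue
            years = (fix_ts - times[hits[0]]) / SECONDS_PER_YEAR
            if years > 0:  # lower bound of the page's filter; upper bound is elided
                out.append((fix_sha, hits[0], years))
    return out

def mean_by_subsystem(commits):
    """Mean lifetime keyed by the fix subject's 'subsystem:' prefix (an assumption)."""
    subject = {sha: msg.split(":", 1)[0] for sha, _, msg in commits}
    groups = defaultdict(list)
    for fix_sha, _, years in bug_lifetimes(commits):
        groups[subject[fix_sha]].append(years)
    return {name: mean(vals) for name, vals in groups.items()}
```

Of the four Fixes: tags in the sample, two survive: the untraceable tag and the non-positive lifetime are dropped before any average is taken, which is the kind of filtering that separates "bug-fix pairs" from "valid records".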