We consider a big fix to be greater than 100 lines of code changed (added + deleted).
Vulnerabilities with large fixes often involves the addition of new features, new subsystems, or new APIs. Large fixes might indicate a human error in the **requirements** or **design** stages of software development.
The Vulnerability History Project