angler-fishThe Vulnerability History Project

Lifetime: 180 days to 1 year

How long was this in the system?

The collection of lifetime measure the length of time between the earliest vulnerability-contributing commit (VCC) and the earliest fix commit. During this lifetime is when developers missed the vulnerability.

Our breakdown of vulnerability lifetimes are arbitrary. The categories are:

  • Less than 30 days
  • 30 to 90 days
  • 90 to 180 days
  • 180 days to 1 year
  • 1 to 2 years
  • 2 to 5 years
  • 5+ years

Examples

expand_less