The Vulnerability History Project
How long was this in the system?
The **lifetime** collection measures the length of time between the earliest vulnerability-contributing commit (VCC) and the earliest fix commit. This lifetime is the period during which developers **missed** the vulnerability.
Our breakdown of vulnerability lifetimes is arbitrary. The categories are:
* Less than 30 days
* 30 to 90 days
* 90 to 180 days
* 180 days to 1 year
* 1 to 2 years
* 2 to 5 years
* 5+ years
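The lifetime measure described above can be computed from commit dates, as in this added example (not the project's own code). It assumes dates come from `git log --format='%H %aI'` (author date), that a year is 365 days, and that each category includes its lower bound; the hashes and dates are constructed.

```python
from datetime import datetime

# Constructed sample in the shape of `git log --format='%H %aI'`;
# the hashes and dates are made up for illustration.
SAMPLE_LOG = """\
aaaa111 2012-03-01T10:15:00+00:00
bbbb222 2012-09-20T08:00:00+02:00
cccc333 2015-06-11T17:30:00-07:00
dddd444 2015-06-14T09:00:00+00:00
"""

# Upper bounds in days, half-open; 1 year = 365 days is an assumption.
BUCKETS = [
    (30, "Less than 30 days"),
    (90, "30 to 90 days"),
    (180, "90 to 180 days"),
    (365, "180 days to 1 year"),
    (730, "1 to 2 years"),
    (1825, "2 to 5 years"),
]

def parse_log(text):
    """Map commit hash -> timezone-aware author date (assumed basis)."""
    dates = {}
    for line in text.splitlines():
        if line.strip():
            sha, stamp = line.split(maxsplit=1)
            dates[sha] = datetime.fromisoformat(stamp.strip())
    return dates

def lifetime_days(dates, vccs, fixes):
    """Whole days from the earliest VCC to the earliest fix commit."""
    missing = [c for c in list(vccs) + list(fixes) if c not in dates]
    if not vccs or not fixes or missing:
        raise ValueError(f"incomplete commit data, missing: {missing}")
    delta = min(dates[c] for c in fixes) - min(dates[c] for c in vccs)
    if delta.total_seconds() < 0:
        raise ValueError("earliest fix predates earliest VCC; check the VCC list")
    return delta.days

def bucket(days):
    for upper, label in BUCKETS:
        if days < upper:
            return label
    return "5+ years"

if __name__ == "__main__":
    d = parse_log(SAMPLE_LOG)
    print(bucket(lifetime_days(d, ["aaaa111", "bbbb222"], ["cccc333", "dddd444"])))
```

Comparing timezone-aware timestamps keeps the earliest-commit choice correct when contributors commit from different UTC offsets, and a negative lifetime is reported as a data error rather than placed in a category.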
A **Vulnerability-Contributing Commit** is the change to source code that is likely the origin of a vulnerability.
Finding a VCC is our attempt at finding the original mistake that was made... and missed... that led to a vulnerability.