Vulnerabilities Found by Google Researchers in 2021 Got Patched on Average in 52 Days


Between 2019 and 2021, the team reported a total of 376 vulnerabilities and saw most of them (351) get patched. Of the remaining flaws, 14 are marked “WontFix” by the vendor and 11 remain unfixed.

Per Google Project Zero’s policy, vendors have 90 days to address the security errors, but they can also request a 14-day grace period if a patch will be shipped within that 104-day window.

Out of a sample of 346 vulnerabilities reported and patched between 2019 and 2021, the majority were patched within that window, with only 5% exceeding the deadline and grace period.