A data-driven analysis of 125,000 Linux kernel vulnerabilities examining who introduces bugs, when they are introduced, and how bug lifetimes can be shortened. Key findings: 117 'super-reviewers' fix bugs 47% faster than average; self-fixes (the bug's original author lands the fix) take about a third of the time of cross-fixes (0.88 vs 2.59 years); weekend commits are 8% less likely to introduce bugs but take 45% longer to fix; Saturday is the riskiest day of the week and Sunday the safest; race conditions survive 5 years on average versus 2.4 years for deadlocks; Intel introduces the most bugs in absolute terms, roughly in line with the volume of code it contributes. The analysis also maps corporate contributions (Intel 8.4%, independent contributors 50%), identifies neglected subsystems such as drivers/can (4.2-year average bug lifetime), and proposes subsystem-specific ML models. Combined process improvements (super-reviewer routing, commit quality gates, specialized models, and temporal CI tuning) could reduce average bug lifetime by an estimated 35%, from 2.1 to roughly 1.4 years.

From pebblebed.com (15 minute read)
Table of contents
The Super-Reviewers
Self-Fixes Are 3x Faster
The Corporate Landscape: Who Really Builds the Kernel?
Intel Introduces the Most Bugs (Because They Write the Most Code)
The Weekend Effect: Fewer Bugs, But They Hide Longer
Race Conditions: The Hardest Bugs to Find
The Forgotten Corners
Subsystem-Specific Models: 5-15% Improvement Potential
Clustering Reveals Hidden Structure
Putting It Together: 35% Reduction in Bug Lifetime
Concrete Actions
Limitations: What Git Doesn't Capture
The Dataset
Key Takeaways
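The summary reports bug lifetimes, self- versus cross-fix speed and weekday effects, and the table of contents closes with "Limitations: What Git Doesn't Capture", so the figures come from commit history. As an added example (not code from the pebblebed.com article), the script below shows one way such figures are derived from git alone: it parses a constructed `git log` containing `Fixes:` trailers, links each fix to the commit the trailer names, and aggregates lifetimes overall, by self- versus cross-fix, and by the weekday of the introducing commit. The assumption that lifetime is the elapsed time between the introducing commit's author date and the fixing commit's author date, the record format, and all hashes, authors and dates are mine, not the article's.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from statistics import mean

# Constructed git log in the shape produced by
#   git log --no-merges --format='%H%n%an%n%aI%n%s%n%b--END--'
# Hashes, authors, dates and subjects are invented for this example.
SAMPLE_LOG = """\
1111111111111111111111111111111111111111
Alice
2020-01-04T10:00:00+00:00
can: add foo controller driver
--END--
2222222222222222222222222222222222222222
Bob
2019-06-03T09:30:00+00:00
net: refactor skb queue handling
--END--
3333333333333333333333333333333333333333
Dan
2021-03-07T18:45:00+00:00
locking: tweak lock ordering in bar
--END--
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
Alice
2021-01-04T10:00:00+00:00
can: foo: fix use-after-free on unbind
Fixes: 111111111111 ("can: add foo controller driver")
Signed-off-by: Alice <alice@example.com>
--END--
bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb
Carol
2022-06-03T09:30:00+00:00
net: fix race in skb queue handling
Fixes: 222222222222 ("net: refactor skb queue handling")
--END--
cccccccccccccccccccccccccccccccccccccccc
Eve
2021-09-07T18:45:00+00:00
locking: bar: fix deadlock on error path
Fixes: 333333333333 ("locking: tweak lock ordering in bar")
--END--
dddddddddddddddddddddddddddddddddddddddd
Eve
2022-01-10T12:00:00+00:00
mm: fix leak in unknown path
Fixes: deadbeefcafe ("mm: commit not in this log")
--END--
"""

# Kernel convention: "Fixes: <12+ hex chars> ("subject")" as a trailer line.
FIXES_RE = re.compile(r"^Fixes:\s*([0-9a-f]{7,40})\b", re.IGNORECASE | re.MULTILINE)


@dataclass
class Commit:
    sha: str
    author: str
    date: datetime
    subject: str
    fixes: list  # short hashes named in Fixes: trailers


def parse_log(text):
    """Parse the record format above into a dict keyed by full sha."""
    commits = {}
    for record in text.split("--END--"):
        lines = record.strip("\n").split("\n")
        if len(lines) < 4 or not lines[0]:
            continue  # trailing empty chunk after the last separator
        sha, author, date, subject = lines[0], lines[1], lines[2], lines[3]
        body = "\n".join(lines[4:])
        commits[sha] = Commit(sha, author, datetime.fromisoformat(date),
                              subject, FIXES_RE.findall(body))
    return commits


def link_fixes(commits):
    """Pair each fix with the commit its Fixes: trailer names.

    Returns (pairs, unresolved). pairs holds (introducing, fixing, lifetime_days).
    unresolved holds (fix sha, short hash) whose target is outside the parsed
    history; a truncated log would otherwise silently bias the lifetimes downward.
    """
    pairs, unresolved = [], []
    for fix in commits.values():
        for short in fix.fixes:
            target = next((c for c in commits.values()
                           if c.sha.startswith(short.lower())), None)
            if target is None:
                unresolved.append((fix.sha, short))
                continue
            pairs.append((target, fix, (fix.date - target.date).days))
    return pairs, unresolved


def summarize(pairs):
    """Aggregate lifetimes overall, self vs cross fix, and by introducing weekday."""
    self_fix = [d for intro, fix, d in pairs if intro.author == fix.author]
    cross_fix = [d for intro, fix, d in pairs if intro.author != fix.author]
    by_weekday = {}
    for intro, _fix, d in pairs:
        by_weekday.setdefault(intro.date.strftime("%A"), []).append(d)
    return {
        "count": len(pairs),
        "mean_days": mean([d for *_, d in pairs]) if pairs else 0.0,
        "self_fix_mean_days": mean(self_fix) if self_fix else None,
        "cross_fix_mean_days": mean(cross_fix) if cross_fix else None,
        "intro_weekday_mean_days": {k: mean(v) for k, v in by_weekday.items()},
    }


if __name__ == "__main__":
    found, missing = link_fixes(parse_log(SAMPLE_LOG))
    print(summarize(found))
    print("unresolved Fixes: targets:", missing)
```

On a real tree the input is `git log --no-merges --format='%H%n%an%n%aI%n%s%n%b--END--'` piped into `parse_log`; the unresolved list is the first thing to check, because shallow clones and rebased trees produce `Fixes:` targets that no longer exist in the history being analysed.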