HeadlinesBriefing.com

Linux Kernel Vulnerability Analysis Reveals Super-Reviewers and Weekend Bug Patterns

Hacker News

A comprehensive analysis of 125,000 Linux kernel vulnerabilities reveals surprising insights about who writes bugs and how to fix them faster. The study, building on previous work with VulnBERT for automated detection, examines the human factors behind vulnerability introduction and resolution.

Weekend commits are 8% less likely to introduce vulnerabilities but take 45% longer to fix. Intel contributes the most bugs simply because they contribute the most code, maintaining 8.4% of kernel commits. The analysis identifies 117 'super-reviewers' who catch bugs 47% faster than average, with Chris Wilson leading at 1,242 fixes with an average lifetime of just 0.5 years.

Self-fixes are 3x faster than cross-fixes, with original authors resolving their own bugs in 0.88 years versus 2.59 years for others. The study suggests process improvements could reduce average bug lifetime by 35%. Independent contributors still account for half of all kernel development, though corporate contributions have grown from 25% in 2005 to 55% today.