March 4, 2026

Bugs, beef, and weekend grief

Article URL →HN comments →

Who Writes the Bugs? A Deeper Look at 125,000 Kernel Vulnerabilities

117 'bug heroes' crowned, skeptics cry stats theater, weekend fixes drag

TLDR: A giant kernel study crowns 117 “super-reviewers” and finds weekend code isn’t more buggy, just slower to fix. Comments erupt over shaky stats, outliers, AI vibes, car-tech fears, and league tables of who ships the most bugs—making process, not heroes, the real battleground.

The kernel world just dropped a wild stat bomb: out of 125,000 bugs, 117 “super-reviewers” fix issues nearly twice as fast, weekend commits are less likely to be buggy, but weekend bugs take 45% longer to fix. Cue the comment section turning into a reality show. dogleash rolls in with the philosopher’s chair: “The map is not the territory,” warning that shiny metrics can seduce “data-driven” execs into doing what they wanted anyway. petterroea adds the math-gavel: not enough statistical testing, small differences might be coincidence. Meanwhile, jeffbee drops a meme grenade: “Bugs Georg” is an outlier and should be excluded. Peak vibes.

Fans cheer the bug police: Chris Wilson fixing at 0.5 years on average, Dan Carpenter not only fixing 2,707 bugs but inventing the “Fixes:” tag that makes all this tracking possible. But vintagedave says it “reads like Claude wrote it,” and wants actual actions—should certain commit messages get scanned harder? Also: panic about cars. They ask why CAN (the car network used to make vehicles talk to themselves) looks scarier than Intel, and people admit, bugs in car systems are nightmare fuel.

Then the scoreboard squad arrives: kittikitti posts ratios and percentages (Intel 11.86%, Google 12.78%, Linaro 12.73%), turning it into a league table. Some want to crown champions; others say chill, correlation isn’t causation. The only thing everyone agrees on? Weekend reviews need more humans—and fewer vibes.

Key Points

  • Analysis of 125,000 Linux kernel commit–fix pairs identifies who introduces vulnerabilities, when they occur, and who fixes them fastest.
  • 117 super-reviewers meet criteria (100+ fixes, ≥20% faster than average), with an average fix lifetime of 1.1 years vs 2.1 years globally (47% faster).
  • Weekend commits are 8% less likely to be vulnerable, but weekend bugs take 45% longer to fix, indicating reduced review coverage.
  • Intel contributes the most bugs, attributed to its high volume of code contributions; “self-fix” bugs average 0.88 years vs 2.59 years for cross-fixes.
  • Process improvements informed by these patterns could reduce average bug lifetime by about 35%; the “Fixes:” tag enabled this analysis.

Hottest takes

“The map is not the territory” — dogleash
“Bugs Georg… should be excluded” — jeffbee
“This reads like Claude wrote it” — vintagedave

Save News

Made with <3 by @siedrix and @shesho from CDMX. Powered by Forge&Hive.