Comment by lucb1e

15 hours ago

> "modern" as a value seems pretty loose, and it's often at least arguable whether it's objectively better!

Well, there is research on this!

https://security.googleblog.com/2024/09/eliminating-memory-s... writes:

> vulnerabilities decay exponentially. They have a half-life. [...] A large-scale study of vulnerability lifetimes² published in 2022 in Usenix Security confirmed this phenomenon. Researchers found that the vast majority of vulnerabilities reside in new or recently modified code

Where ² goes to https://www.usenix.org/conference/usenixsecurity22/presentat...

A study limitation is that they looked only at security-relevant bugs (vulnerabilities). As someone who writes code, I would tend to think that this also goes for bugs without a direct security impact, but I don't have the data to back that notion up.

Feels kinda obvious to me? As time goes on, bug density can only go in one direction, and making no changes to a codebase certainly doesn’t make it go up.