How Long Does It Take to Fix Linux Kernel Bugs?

An anonymous reader shared this report from It's FOSS. It took six hours to assemble the dataset, according to the blog post, which concludes that the percentage of bugs found within one year has improved dramatically, from 0% in 2010 to 69% by 2022. The blog post says this can likely be attributed to:

The Syzkaller fuzzer (released in 2015)

Dynamic memory error detectors like KASAN, KMSAN, KCSAN sanitizers

Better static analysis

More contributors reviewing code

But "We're simultaneously catching new bugs faster AND slowly working through ~5,400 ancient bugs that have been hiding for over 5 years."

They've also developed an AI model called VulnBERT that predicts whether a commit introduces a vulnerability, claiming that of all actual bug-introducing commits, it catches 92.2%. "The goal isn't to replace human reviewers but to point them at the 10% of commits most likely to be problematic, so they can focus attention where it matters..."