Time to Patch
Brian Krebs has a long article, “Time To Patch III: Apple,” [link to http://blog.washingtonpost.com/securityfix/2006/05/a_time_to_patch_iii_apple_2.html no longer works] examining how long it takes Apple to ship security fixes:
Over the past several months, Security Fix published data showing how long it took Microsoft and Mozilla to issue updates for security flaws. Today, I’d like to present some data I compiled that looks at Apple’s performance on this front.
It’s a good thing no one has any technology that would help a researcher understand exactly the changes that a patch makes. Because if they did, they could sure read those Linux patches and learn a lot about Apple vulnerabilities.