How Long Does it Take Vendors to Release Patches?

MasterMynd asks: "In the IT field I'm frequented with questions regarding security updates of the OS's that we use. In my IT department we use a real mixture of OS's for desktops in addition to our many NOS's. More often then not I don't have an answer as to the routine question of how soon a security patch will be available. Normally I give "It should be done in about a week" as my answer. But truth remaining I don't have any answer as to when it will be available because vendors aren't forthcoming about such info. Rumours and anecdoes abound in how long it normally takes to get a patch. Are there any current reports anywhere showing a comparison of how much time it takes to produce a patch or workaround from the time it's discovered until it's available for download, from the major NOS & Desktop vendors?" Ask computer security becomes more and more important, such resources will become invaluable. Any clues as to where such may be found?

Securityfocus study

[pthisis]

Securityfocus did this sort of study.

I can't find the whole thing, but there's
a summary at linux weekly news, and googling for "days recess security focus microsoft linux" or similar might help (days of recess is a measure of response time).

Sumner