“…No universal explanation is known for these and related results. Numerous different explanations are offered in the literature: some build on bug triaging aspects and different incentives for vendors, bug reporters, and developers [15], [18]; others stem from bug severity, testing, architectural flaws, dependencies, code complexity, and code churn [19], [20]; some are related to problems in vulnerability disclosure and associated coordination, including the allocation of CVEs for the vulnerabilities [16], [21]; and so forth. Whatever the explanations may be, the first research question is worth asking to better understand the time delays associated with continuous fuzzing and automated testing in general.…”