Security teams have gotten good at finding vulnerabilities. Fixing them has always been the hard part. An analysis of remediation patterns across 50,000+ actively developed repositories and 400+ organizations during 2025 reveals a pattern: where a vulnerability is detected has more impact on whether it gets fixed than what the vulnerability is.
PR-Detected Findings Get Fixed 9x Faster
