The life cycle of a software vulnerability begins when adeveloper makes a mistake. A lot of software security best practices aim for lessening the time until vulnerabilities are discovered, or the time between discovery and patch availability. Unfortunately, most software projects have zero control over security patch deployment.