Security Versus Performance Bugs: How Bugs are Handled in the Chromium Project

Bug fixing is a very important activity of software maintenance. Given the recent highlight on security and privacy, one may expect that the software vendors would give security bugs a higher priority in their bug fixing process. In this paper, we present an exploratory study of different categories (i.e., security, performance, and other) of bugs in the maintenance of the Chromium browser. In particular, we study the phenomena such as how much time is spent in bug triage, how fast different types of bugs are fixed, variations of developers' experiences who fix those bugs, and show often those fixed bugs are reopened. We find that the performance bugs are triaged and fixed faster. Security bugs, for fixing, are assigned to more experienced developers. All categories of bugs are almost equally reopened once closed.