Brian Krebs has a long article, “Time To Patch III: Apple,” examining how long it takes Apple to ship security fixes:
Over the past several months, Security Fix published data showing how long it took Microsoft and Mozilla to issue updates for security flaws. Today, I’d like to present some data I compiled that looks at Apple’s performance on this front.
It’s a good thing no one has any technology that would help a researcher understand exactly the changes that a patch makes. Because if they did, they could sure read those Linux patches and learn a lot about Apple vulnerabilities.