Google Project Zero: 95.8% of security vulnerabilities are fixed during the 90-day disclosure period