References

¹

Veracode, State of Software Security (2024); Snyk, State of Open Source Security (2024). Remediation timelines vary by study — 60 days is optimistic for critical vulnerabilities, 200+ days is common for medium-severity findings.

Exposure window estimates (§2.1)

²

IBM Security & Ponemon Institute, Cost of a Data Breach Report (2024). Global average: $4.88M.

Breach cost figures

³

MITRE ATT&CK Framework — https://attack.mitre.org/

Tactic and technique mapping in ADR attack events (5.1–5.5)