# Zero-Day Window Tracking

## Module
Scanner

## Status
VERIFIED

## Description
Tracks the exposure window between vulnerability disclosure and remediation application, providing metrics on mean-time-to-remediate and zero-day exposure duration per artifact.

## Implementation Details
- **Zero-Day Window Tracking**:
  - `src/Scanner/__Libraries/StellaOps.Scanner.Core/Models/ZeroDayWindowTracking.cs` - `ZeroDayWindowTracking` model tracking the exposure window between vulnerability disclosure timestamp and remediation application timestamp, computing zero-day exposure duration and mean-time-to-remediate metrics per artifact

## E2E Test Plan
- [ ] Record a vulnerability disclosure event and verify the zero-day window begins tracking from the disclosure timestamp
- [ ] Apply a remediation (patch, upgrade, VEX) and verify the exposure window is closed with correct duration calculation
- [ ] Verify mean-time-to-remediate (MTTR) is computed across multiple vulnerabilities for an artifact
- [ ] Verify zero-day exposure duration accounts for the time between disclosure (NVD published date) and first scan detection
- [ ] Verify tracking handles re-opened windows (e.g., regression after a patch is reverted)

---

## Verification

| Check | Result |
|-------|--------|
| Tier 0 - Source files exist | PASS |
| Tier 1 - Build + code review | PASS |
| Tier 2 - Integration tests | PASS |
| Verified | 2026-02-13T18:10:00Z |