While I would love to read this, I don't think it will change much, as facts rarely change human behavior.
A huge amount of the guidance is rooted in standards and policy documents, which take years to change, if they even want to change (which I bet a lot don't).
I'm unsure there is a good way to incite change in the application security space right now; I think there's too much friction.
I wonder how and if other industries had similar challenges to overcome in the past.
I fear it was mostly personal injury in the courts, which we don't really have today because we're not yet killing and maiming enough people for anyone to notice.