{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,26]],"date-time":"2025-03-26T06:36:40Z","timestamp":1742971000487,"version":"3.40.3"},"publisher-location":"Cham","reference-count":21,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030688868"},{"type":"electronic","value":"9783030688875"}],"license":[{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021]]},"DOI":"10.1007\/978-3-030-68887-5_2","type":"book-chapter","created":{"date-parts":[[2021,2,11]],"date-time":"2021-02-11T15:22:40Z","timestamp":1613056960000},"page":"31-48","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["Measuring and Modeling Software Vulnerability Security Advisory Platforms"],"prefix":"10.1007","author":[{"given":"Lucas","family":"Miranda","sequence":"first","affiliation":[]},{"given":"Daniel","family":"Vieira","sequence":"additional","affiliation":[]},{"given":"Mateus","family":"Nogueira","sequence":"additional","affiliation":[]},{"given":"Leonardo","family":"Ventura","sequence":"additional","affiliation":[]},{"given":"Miguel","family":"Bicudo","sequence":"additional","affiliation":[]},{"given":"Matheus","family":"Martins","sequence":"additional","affiliation":[]},{"given":"Lucas","family":"Senos","sequence":"additional","affiliation":[]},{"given":"Leandro P.","family":"de Aguiar","sequence":"additional","affiliation":[]},{"given":"Enrico","family":"Lovat","sequence":"additional","affiliation":[]},{"given":"Daniel","family":"Menasche","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2021,2,12]]},"reference":[{"issue":"3","key":"2_CR1","doi-asserted-by":"publisher","first-page":"62","DOI":"10.3390\/mti3030062","volume":"3","author":"MH de Boer","year":"2019","unstructured":"de Boer, M.H., Bakker, B.J., et al.: Text mining in cybersecurity. Multimodal Technol. Interact. 3(3), 62 (2019)","journal-title":"Multimodal Technol. Interact."},{"key":"2_CR2","doi-asserted-by":"crossref","unstructured":"Decan, A., Mens, T., Constantinou, E.: On the impact of security vulnerabilities in the NPM package dependency network. In: Proceedings of the 15th International Conference on Mining Software Repositories, pp. 181\u2013191 (2018)","DOI":"10.1145\/3196398.3196401"},{"key":"2_CR3","doi-asserted-by":"crossref","unstructured":"Frei, S., May, M., Fiedler, U., Plattner, B.: Large-scale vulnerability analysis. In: SIGCOMM Workshop on Large-Scale Attack Defense, pp. 131\u2013138 (2006)","DOI":"10.1145\/1162666.1162671"},{"key":"2_CR4","doi-asserted-by":"crossref","unstructured":"Gai, K., et al.: A novel secure big data cyber incident analytics framework for cybersecurity insurance. In: Big Data Security on Cloud, pp. 171\u2013176. IEEE (2016)","DOI":"10.1109\/BigDataSecurity-HPSC-IDS.2016.65"},{"issue":"3","key":"2_CR5","doi-asserted-by":"publisher","first-page":"354","DOI":"10.3390\/sym12030354","volume":"12","author":"TM Georgescu","year":"2020","unstructured":"Georgescu, T.M.: Natural language processing model for automatic analysis of cybersecurity-related documents. Symmetry 12(3), 354 (2020)","journal-title":"Symmetry"},{"key":"2_CR6","doi-asserted-by":"crossref","DOI":"10.1017\/CBO9781139226424","volume-title":"Performance Modeling and Design of Computer Systems: Queueing Theory in Action","author":"M Harchol-Balter","year":"2013","unstructured":"Harchol-Balter, M.: Performance Modeling and Design of Computer Systems: Queueing Theory in Action. Cambridge University Press, Cambridge (2013)"},{"key":"2_CR7","doi-asserted-by":"crossref","unstructured":"Horawalavithana, S., Bhattacharjee, A., et al.: Mentions of security vulnerabilities on Reddit, Twitter and Github. In: International Conference on Web Intelligence, pp. 200\u2013207 (2019)","DOI":"10.1145\/3350546.3352519"},{"key":"2_CR8","doi-asserted-by":"crossref","unstructured":"Hu, W., Wang, Y., Liu, X., Sun, J., Gao, Q., Huang, Y.: Open source software vulnerability propagation analysis algorithm based on knowledge graph. In: IEEE International Conference on Smart Cloud, pp. 121\u2013127. IEEE (2019)","DOI":"10.1109\/SmartCloud.2019.00030"},{"key":"2_CR9","doi-asserted-by":"crossref","unstructured":"Huang, S., Tang, H., et al.: Text clustering on national vulnerability database. In: Computer Engineering and Applications, vol. 2, pp. 295\u2013299. IEEE (2010)","DOI":"10.1109\/ICCEA.2010.209"},{"key":"2_CR10","unstructured":"Joh, H., Malaiya, Y.K.: A framework for software security risk evaluation using the vulnerability lifecycle and CVSS metrics. In: Proceedings of International Workshop on Risk and Trust in Extended Enterprises, pp. 430\u2013434 (2010)"},{"key":"2_CR11","doi-asserted-by":"publisher","first-page":"278","DOI":"10.1016\/j.cose.2016.08.004","volume":"62","author":"P Johnson","year":"2016","unstructured":"Johnson, P., Gorton, D., Lagerstr\u00f6m, R., Ekstedt, M.: Time between vulnerability disclosures. Comput. Secur. 62, 278\u2013295 (2016)","journal-title":"Comput. Secur."},{"key":"2_CR12","unstructured":"Li, V.G., Dunn, M., Pearce, P., et al.: Reading the tea leaves: a comparative analysis of threat intelligence. In: USENIX Security 2019, pp. 851\u2013867 (2019)"},{"key":"2_CR13","unstructured":"MITRE: Common vulnerabilities and exposures (2020). https:\/\/cve.mitre.org\/"},{"key":"2_CR14","unstructured":"Rassam, M.A., Maarof, M., Zainal, A., et al.: Big data analytics adoption for cybersecurity. J. Inf. Assur. Secur. 12(4) (2017)"},{"issue":"3","key":"2_CR15","doi-asserted-by":"publisher","first-page":"1192","DOI":"10.1007\/s10664-015-9379-3","volume":"21","author":"C Rosen","year":"2016","unstructured":"Rosen, C., Shihab, E.: What are mobile developers asking about? A large scale study using stack overflow. Empirical Softw. Eng. 21(3), 1192\u20131223 (2016)","journal-title":"Empirical Softw. Eng."},{"issue":"2","key":"2_CR16","first-page":"129","volume":"15","author":"J Ruohonen","year":"2019","unstructured":"Ruohonen, J.: A look at the time delays in CVSS vulnerability scoring. Appl. Comput. Inf. 15(2), 129\u2013135 (2019)","journal-title":"Appl. Comput. Inf."},{"issue":"2","key":"2_CR17","doi-asserted-by":"publisher","first-page":"537","DOI":"10.2298\/CSIS161010010R","volume":"14","author":"J Ruohonen","year":"2017","unstructured":"Ruohonen, J., Hyrynsalmi, S., Lepp\u00e4nen, V.: Modeling the delivery of security advisories and CVEs. Comput. Sci. Inf. Syst. 14(2), 537\u2013555 (2017)","journal-title":"Comput. Sci. Inf. Syst."},{"key":"2_CR18","doi-asserted-by":"crossref","unstructured":"Shahzad, M., Shafiq, M.Z., Liu, A.X.: A large scale exploratory analysis of software vulnerability life cycles. In: International Conference on Software Engineering, pp. 771\u2013781 (2012)","DOI":"10.1109\/ICSE.2012.6227141"},{"issue":"1","key":"2_CR19","first-page":"1","volume":"1","author":"B Wang","year":"2017","unstructured":"Wang, B., Li, X., de Aguiar, L.P., Menasche, D.S., Shafiq, Z.: Characterizing and modeling patching practices of industrial control systems. Proc. ACM Meas. Anal. Comput. Syst. 1(1), 1\u201323 (2017)","journal-title":"Proc. ACM Meas. Anal. Comput. Syst."},{"issue":"1","key":"2_CR20","doi-asserted-by":"publisher","first-page":"21","DOI":"10.1109\/MSEC.2019.2935702","volume":"18","author":"D Woods","year":"2019","unstructured":"Woods, D., Moore, T.: Does insurance have a future in governing cybersecurity? IEEE Secur. Privacy Mag. 18(1), 21\u201327 (2019)","journal-title":"IEEE Secur. Privacy Mag."},{"issue":"4\u20136","key":"2_CR21","first-page":"194","volume":"24","author":"S Zhang","year":"2015","unstructured":"Zhang, S., Ou, X., Caragea, D.: Predicting cyber risks through national vulnerability database. Inf. Secur. J. 24(4\u20136), 194\u2013206 (2015)","journal-title":"Inf. Secur. J."}],"container-title":["Lecture Notes in Computer Science","Risks and Security of Internet and Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-68887-5_2","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,12,16]],"date-time":"2022-12-16T18:31:03Z","timestamp":1671215463000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-68887-5_2"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021]]},"ISBN":["9783030688868","9783030688875"],"references-count":21,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-68887-5_2","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2021]]},"assertion":[{"value":"12 February 2021","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"CRiSIS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Risks and Security of Internet and Systems","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Paris","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"France","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2020","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"4 November 2020","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"6 November 2020","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"15","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"crisis2020","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/www.crisis-conference.com\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"44","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"16","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"7","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"36% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"The conference was held virtually due to the COVID-19 pandemic","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}