{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,10]],"date-time":"2026-02-10T19:35:14Z","timestamp":1770752114604,"version":"3.50.0"},"publisher-location":"Cham","reference-count":26,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030725815","type":"print"},{"value":"9783030725822","type":"electronic"}],"license":[{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021]]},"DOI":"10.1007\/978-3-030-72582-2_5","type":"book-chapter","created":{"date-parts":[[2021,3,29]],"date-time":"2021-03-29T12:02:43Z","timestamp":1617019363000},"page":"76-92","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":7,"title":["Our (in)Secure Web: Understanding Update Behavior of Websites and Its Impact on Security"],"prefix":"10.1007","author":[{"given":"Nurullah","family":"Demir","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Tobias","family":"Urban","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Kevin","family":"Wittek","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Norbert","family":"Pohlmann","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2021,3,30]]},"reference":[{"key":"5_CR1","unstructured":"Barth, A.: The Web Origin Concept. RFC 6465, Internet Engineering Task Force (2011). https:\/\/tools.ietf.org\/html\/rfc6454"},{"key":"5_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"110","DOI":"10.1007\/978-3-319-08593-7_8","volume-title":"Trust and Trustworthy Computing","author":"T van Goethem","year":"2014","unstructured":"van Goethem, T., Chen, P., Nikiforakis, N., Desmet, L., Joosen, W.: Large-scale security analysis of the web: challenges and findings. In: Holz, T., Ioannidis, S. (eds.) Trust 2014. LNCS, vol. 8564, pp. 110\u2013126. Springer, Cham (2014). https:\/\/doi.org\/10.1007\/978-3-319-08593-7_8"},{"key":"5_CR3","unstructured":"Google Inc.: Chrome User Experience Report $$\\vert $$ Tools for Web Developers (2020). https:\/\/developers.google.com\/web\/tools\/chrome-user-experience-report?hl=de. Accessed 08 June 2020"},{"key":"5_CR4","unstructured":"HTTP Archive: About HTTP Archive (2020). https:\/\/httparchive.org\/about. Accessed 20 Oct 2020"},{"key":"5_CR5","unstructured":"HTTP Archive: Methodology\u2014The Web Almanac by HTTP Archive (2020). https:\/\/httparchive.org. Accessed 18 Jan 2021"},{"key":"5_CR6","unstructured":"HTTP Archive: The HTTP Archive Tracks How the Web is Built (2020). https:\/\/httparchive.org. Accessed 20 Oct 2020"},{"key":"5_CR7","doi-asserted-by":"publisher","unstructured":"Huang, C., Liu, J., Fang, Y., Zuo, Z.: A study on web security incidents in China by analyzing vulnerability disclosure platforms. Comput. Secur. 58 (2016). https:\/\/doi.org\/10.1016\/j.cose.2015.11.006","DOI":"10.1016\/j.cose.2015.11.006"},{"key":"5_CR8","doi-asserted-by":"publisher","unstructured":"Ikram, M., Masood, R., Tyson, G., Kaafar, M.A., Loizon, N., Ensafi, R.: The chain of implicit trust: an analysis of the web third-party resources loading. In: International Conference on World Wide Web, WWW, International World Wide Web Conferences Steering Committee (2019). https:\/\/doi.org\/10.1145\/3308558.3313521","DOI":"10.1145\/3308558.3313521"},{"issue":"1","key":"5_CR9","doi-asserted-by":"publisher","first-page":"384","DOI":"10.1007\/s10664-017-9521-5","volume":"23","author":"RG Kula","year":"2017","unstructured":"Kula, R.G., German, D.M., Ouni, A., Ishio, T., Inoue, K.: Do developers update their library dependencies? Empirical Softw. Eng. 23(1), 384\u2013417 (2017). https:\/\/doi.org\/10.1007\/s10664-017-9521-5","journal-title":"Empirical Softw. Eng."},{"key":"5_CR10","doi-asserted-by":"publisher","unstructured":"Lauinger, T., Chaabane, A., Arshad, S., Robertson, W., Wilson, C., Kirda, E.: Thou shalt not depend on me: analysing the use of outdated javascript libraries on the web. In: Symposium on Network and Distributed System Security, NDSS (2017). https:\/\/doi.org\/10.14722\/ndss.2017.23414","DOI":"10.14722\/ndss.2017.23414"},{"key":"5_CR11","doi-asserted-by":"publisher","unstructured":"Le Pochat, V., Van Goethem, T., Tajalizadehkhoob, S., Korczy\u0144ski, M., Joosen, W.: Tranco: a Research-oriented top sites ranking hardened against manipulation. In: Symposium on Network and Distributed System Security, NDSS (2019). https:\/\/doi.org\/10.14722\/ndss.2019.23386","DOI":"10.14722\/ndss.2019.23386"},{"key":"5_CR12","unstructured":"National Institute of Standards and Technology: Official Common Platform Enumeration (CPE) Dictionary (2020). https:\/\/nvd.nist.gov\/products\/cpe. Accessed 19 Oct 2020"},{"key":"5_CR13","doi-asserted-by":"publisher","unstructured":"Nguyen, V.H., Massacci, F.: The (un)reliability of NVD vulnerable versions data: an empirical experiment on Google Chrome vulnerabilities. In: ACM Symposium on Information, Computer and Communications Security, AsiaCCS (2013). https:\/\/doi.org\/10.1145\/2484313.2484377","DOI":"10.1145\/2484313.2484377"},{"key":"5_CR14","unstructured":"Preston-Werner, T.: Semantic Versioning 2.0.0 (2020). https:\/\/semver.org\/. Accessed 20 Oct 2020"},{"key":"5_CR15","doi-asserted-by":"publisher","unstructured":"Redmiles, E.M., Kross, S., Mazurek, M.L.: How I learned to be secure: a census-representative survey of security advice sources and behavior. In: ACM Conference on Computer and Communications Security, CCS (2016). https:\/\/doi.org\/10.1145\/2976749.2978307","DOI":"10.1145\/2976749.2978307"},{"key":"5_CR16","doi-asserted-by":"publisher","unstructured":"Shahzad, M., Shafiq, M.Z., Liu, A.X.: A large scale exploratory analysis of software vulnerability life cycles. In: International Conference on Software Engineering, ICSE (2012). https:\/\/doi.org\/10.5555\/2337223.2337314","DOI":"10.5555\/2337223.2337314"},{"key":"5_CR17","unstructured":"shopware AG: Updating Shopware (2020). https:\/\/docs.shopware.com\/en\/shopware-5-en\/update-guides\/updating-shopware. Accessed 20 Oct 2020"},{"key":"5_CR18","doi-asserted-by":"publisher","unstructured":"Stock, B., Johns, M., Steffens, M., Backes, M.: How the web tangled itself: uncovering the history of client-side web (in)security. In: USENIX Security Symposium, SEC (2017). https:\/\/doi.org\/10.5555\/3241189.3241265","DOI":"10.5555\/3241189.3241265"},{"key":"5_CR19","doi-asserted-by":"publisher","unstructured":"Tajalizadehkhoob, S., et al.: Herding vulnerable cats: a statistical approach to disentangle joint responsibility for web security in shared hosting. In: ACM Conference on Computer and Communications Security, CCS (2017). https:\/\/doi.org\/10.1145\/3133956.3133971","DOI":"10.1145\/3133956.3133971"},{"issue":"2","key":"5_CR20","doi-asserted-by":"publisher","first-page":"151","DOI":"10.1007\/s10009-010-0182-6","volume":"13","author":"M Torchiano","year":"2011","unstructured":"Torchiano, M., Ricca, F., Marchetto, A.: Are web applications more defect-prone than desktop applications? Int. J. Softw. Tools Technol. Transf. 13(2), 151\u2013166 (2011). https:\/\/doi.org\/10.1007\/s10009-010-0182-6","journal-title":"Int. J. Softw. Tools Technol. Transf."},{"key":"5_CR21","doi-asserted-by":"publisher","unstructured":"Urban, T., Degeling, M., Holz, T., Pohlmann, N.: Beyond the front page: measuring third party dynamics in the field. In: International Conference on World Wide Web, WWW (2020). https:\/\/doi.org\/10.1145\/3366423.3380203","DOI":"10.1145\/3366423.3380203"},{"key":"5_CR22","doi-asserted-by":"publisher","unstructured":"Van Acker, S., Hausknecht, D., Sabelfeld, A.: Measuring login webpage security. In: Symposium on Applied Computing, SAC, pp. 1753\u20131760 (2020). https:\/\/doi.org\/10.1145\/3019612.3019798","DOI":"10.1145\/3019612.3019798"},{"key":"5_CR23","doi-asserted-by":"publisher","unstructured":"Vaniea, K., Rashidi, Y.: Tales of software updates: the process of updating software. In: Conference on Human Factors in Computing Systems, CHI (2016). https:\/\/doi.org\/10.1145\/2858036.2858303","DOI":"10.1145\/2858036.2858303"},{"key":"5_CR24","unstructured":"Wappalyzer: Identify technology on websites\u2013Wappalyzer (2020). https:\/\/www.wappalyzer.com. Accessed 08 July 2020"},{"key":"5_CR25","unstructured":"WordPress: Configuring Automatic Background Updates (2019). https:\/\/wordpress.org\/support\/article\/configuring-automatic-background-updates. Accessed 20 Oct 2020"},{"key":"5_CR26","doi-asserted-by":"publisher","unstructured":"Zou, Y., Mhaidli, A.H., McCall, A., Schaub, F.: \u201cI\u2019ve got nothing to lose\u201d: consumers\u2019 risk perceptions and protective actions after the equifax data breach. In: Symposium on Usable Privacy and Security, SOUPS (2018). https:\/\/doi.org\/10.5555\/3291228.3291245","DOI":"10.5555\/3291228.3291245"}],"container-title":["Lecture Notes in Computer Science","Passive and Active Measurement"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-72582-2_5","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,5,4]],"date-time":"2021-05-04T19:36:33Z","timestamp":1620156993000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-72582-2_5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021]]},"ISBN":["9783030725815","9783030725822"],"references-count":26,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-72582-2_5","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021]]},"assertion":[{"value":"30 March 2021","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"PAM","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Passive and Active Network Measurement","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Cottbus","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Germany","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2021","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"29 March 2021","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"31 March 2021","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"22","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"pam2021","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/www.pam2021.b-tu.de\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"HotCrp","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"75","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"33","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"44% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"4.9","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"No","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}