{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,7,24]],"date-time":"2025-07-24T11:26:01Z","timestamp":1753356361035,"version":"3.41.0"},"publisher-location":"Cham","reference-count":24,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030773915"},{"type":"electronic","value":"9783030773922"}],"license":[{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021]]},"DOI":"10.1007\/978-3-030-77392-2_14","type":"book-chapter","created":{"date-parts":[[2021,7,2]],"date-time":"2021-07-02T23:06:05Z","timestamp":1625267165000},"page":"212-225","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["Heuristic Evaluation of Vulnerability Risk Management Leaders\u2019 Presentations of Cyber Threat and Cyber Risk"],"prefix":"10.1007","author":[{"given":"Chris","family":"Nichols","sequence":"first","affiliation":[]},{"given":"Geoff","family":"Stoker","sequence":"additional","affiliation":[]},{"given":"Ulku","family":"Clark","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2021,7,3]]},"reference":[{"key":"14_CR1","doi-asserted-by":"crossref","unstructured":"Allodi, L., Massacci, F., Comparing vulnerability severity and exploits using case-control studies. In: ACM Transactions on Information and System Security (2014). https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2630069. Accessed 2 Feb 2021","DOI":"10.1145\/2630069"},{"key":"14_CR2","unstructured":"Common Vulnerability Scoring System SIG. https:\/\/www.first.org\/cvss\/. Accessed 2 Feb 2021"},{"key":"14_CR3","unstructured":"Expanse White Paper. Security Ratings Are a Dangerous Fantasy (2020). https:\/\/go.expanse.co\/rs\/221-SBF-942\/images\/WP_Expanse_Security_Ratings_101_EN.pdf. Accessed 2 Feb 2021"},{"key":"14_CR4","unstructured":"Hinze-Hoare, V.: Review and Analysis of Human Computer Interaction (HCI) Principles (2007). arXiv preprint. https:\/\/arxiv.org\/ftp\/arxiv\/papers\/0707\/0707.3638.pdf. Accessed 2 Feb 2021"},{"key":"14_CR5","unstructured":"Holmes, O.W.: The Common Law. Little, Brown, and Company, Boston, MA (1909). https:\/\/www.google.com\/books\/edition\/The_Common_Law\/xXouAAAAIAAJ?hl=en&gbpv=1&bsq=reasonable. Accessed 2 Feb 2021"},{"key":"14_CR6","doi-asserted-by":"crossref","unstructured":"Jacobs, J., Romanosky, S., Adjerid, I., Baker, W.: Improving vulnerability remediation through better exploit prediction. J. Cybersecurity 6, 1 (2020) https:\/\/academic.oup.com\/cybersecurity\/article\/6\/1\/tyaa015\/5905457. Accessed 2 Feb 2021","DOI":"10.1093\/cybsec\/tyaa015"},{"key":"14_CR7","unstructured":"Kenna Security. Getting Started w\/ Kenna.VM. https:\/\/www.youtube.com\/watch?v=CvnEp7MJZSk. Accessed 2 Feb 2021"},{"key":"14_CR8","unstructured":"Mann, D.E., Christey, S.M.: Towards a common enumeration of vulnerabilities. In: 2nd Workshop of Research with Security Vulnerability Databases (1999). https:\/\/cve.mitre.org\/docs\/docs-2000\/cerias.html. Accessed 2 Feb 2021"},{"key":"14_CR9","doi-asserted-by":"crossref","unstructured":"Molich, R., Nielsen, J.: Improving a human-computer dialogue. Commun. ACM 33(3), 338\u2013348 (1990). https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/77481.77486. Accessed 2 Feb 2021","DOI":"10.1145\/77481.77486"},{"key":"14_CR10","doi-asserted-by":"crossref","unstructured":"Nayak, K., Marino, D., Efstathopoulos, P., Dumitras, T.: Some vulnerabilities are different than others. In: International Workshop on Recent Advances in Intrusion Detection, pp. 426\u2013446 (2014). https:\/\/ssltest.cs.umd.edu\/~kartik\/papers\/1_vuln.pdf. Accessed 2 Feb 2021","DOI":"10.1007\/978-3-319-11379-1_21"},{"key":"14_CR11","doi-asserted-by":"crossref","unstructured":"Nielsen, J., Molich, R.: Heuristic evaluation of user interfaces. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pp. 249\u2013256 (1990). https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/97243.97281. Accessed 2 Feb 2021","DOI":"10.1145\/97243.97281"},{"key":"14_CR12","unstructured":"Nielsen, J.: How to conduct a heuristic evaluation. Nielsen Norman Group 1, pp. 1\u20138 (1995). https:\/\/www.ingenieriasimple.com\/usabilidad\/HeuristicEvaluation.pdf. Accessed 2 Feb  2021"},{"key":"14_CR13","unstructured":"NIST National Vulnerability Database, Vulnerabilities. https:\/\/nvd.nist.gov\/vuln. Accessed 2 Feb 2021"},{"key":"14_CR14","unstructured":"NIST Special Publication 800\u2013126, Revision 3. The Technical Specification for the Security Content Automation Protocol (SCAP) (2018). https:\/\/nvlpubs.nist.gov\/nistpubs\/SpecialPublications\/NIST.SP.800-126r3.pdf. Accessed 2 Feb 2021"},{"key":"14_CR15","unstructured":"NIST Special Publication 800\u201330, Revision 1. Guide for Conducting Risk Assessments (2012). https:\/\/nvlpubs.nist.gov\/nistpubs\/Legacy\/SP\/nistspecialpublication800-30r1.pdf. Accessed 2 Feb 2021"},{"key":"14_CR16","unstructured":"NopSec Datasheet, New Unified VRM. https:\/\/www.nopsec.com\/wp-content\/uploads\/UnifiedVRM-datasheet.pdf. Accessed 2 Feb 2021"},{"key":"14_CR17","unstructured":"NopSec Image C. https:\/\/www.nopsec.com\/wp-content\/uploads\/Home-page.png. Accessed 2 Feb 2021"},{"key":"14_CR18","unstructured":"NopSec Image D. https:\/\/www.nopsec.com\/tag\/unified-vrm\/page\/2\/. Accessed 2 Feb 2021"},{"key":"14_CR19","unstructured":"Outpost24 Risk Overview Snapshot. https:\/\/outpost24.com\/sites\/default\/files\/glazed_builder_images\/Outpost24%20full%20stack_3.png. Accessed 2 Feb 2021"},{"key":"14_CR20","unstructured":"Rapid7 InsightVM Dashboard image. https:\/\/www.rapid7.com\/globalassets\/_images\/product\/insightvm\/insightvm-key-features-dashboard.jpg. Accessed 2 Feb 2021"},{"key":"14_CR21","unstructured":"Rapid7 Solution Brief, Quantifying Risk with InsightVM. (2020). https:\/\/www.rapid7.com\/globalassets\/_pdfs\/product-and-service-briefs\/rapid7-solution-brief-quantifying-risk-insightvm.pdf. Accessed 2 Feb 2021"},{"key":"14_CR22","unstructured":"Sabottke, C., Suciu, O., Dumitras, T.: Vulnerability disclosure in the age of social media: exploiting twitter for predicting real-world exploits. In: 24th (USENIX) Security Symposium, pp. 1041\u20131056 (2015). https:\/\/www.usenix.org\/system\/files\/conference\/usenixsecurity15\/sec15-paper-sabottke.pdf. Accessed 2 Feb 2021"},{"key":"14_CR23","doi-asserted-by":"crossref","unstructured":"Siirtola, H.: The cost of pie charts. In: 23rd International Conference Information Visualisation (IV), pp. 151\u2013156 (2019). https:\/\/core.ac.uk\/download\/pdf\/250169498.pdf. Accessed 2 Feb 2021","DOI":"10.1109\/IV.2019.00034"},{"key":"14_CR24","unstructured":"Zelonis, J., Lyness, T., The Forrester WaveTM: Vulnerability Risk Management, Q4 2019 (2019). https:\/\/www.rapid7.com\/info\/vrm-wave\/. Accessed 2 Feb 2021"}],"container-title":["Lecture Notes in Computer Science","HCI for Cybersecurity, Privacy and Trust"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-77392-2_14","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,2]],"date-time":"2025-07-02T22:41:20Z","timestamp":1751496080000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-77392-2_14"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021]]},"ISBN":["9783030773915","9783030773922"],"references-count":24,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-77392-2_14","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2021]]},"assertion":[{"value":"3 July 2021","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"HCII","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Human-Computer Interaction","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2021","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"24 July 2021","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"29 July 2021","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"23","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"hcii2021","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/2021.hci.international\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}