{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,25]],"date-time":"2025-03-25T21:13:55Z","timestamp":1742937235990,"version":"3.40.3"},"publisher-location":"Cham","reference-count":15,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030914516"},{"type":"electronic","value":"9783030914523"}],"license":[{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021]]},"DOI":"10.1007\/978-3-030-91452-3_15","type":"book-chapter","created":{"date-parts":[[2021,11,23]],"date-time":"2021-11-23T20:00:31Z","timestamp":1637697631000},"page":"215-230","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Communicating Cybersecurity Vulnerability Information: A Producer-Acquirer Case Study"],"prefix":"10.1007","author":[{"given":"Martin","family":"Hell","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Martin","family":"H\u00f6st","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2021,11,23]]},"reference":[{"key":"15_CR1","doi-asserted-by":"crossref","unstructured":"Aldea, M., Gheorghic\u0103, D., Croitoru, V.: Software vulnerabilities integrated management system. In: Proceedings 13th International Conference on Communications (COMM), pp. 97\u2013102 (2020)","DOI":"10.1109\/COMM48946.2020.9141970"},{"key":"15_CR2","doi-asserted-by":"crossref","unstructured":"Cobleigh, A., Hell, M., Karlsson, L., Reimer, O., S\u00f6nnerup, J., Wisenhoff, D.: Identifying, prioritizing and evaluating vulnerabilities in third party code. In: 2018 IEEE 22nd International Enterprise Distributed Object Computing Workshop (EDOCW), pp. 208\u2013211 (2018)","DOI":"10.1109\/EDOCW.2018.00038"},{"key":"15_CR3","doi-asserted-by":"crossref","unstructured":"Corallo, A., Lazoi, M.: Value network collaborations for innovations in an aerospace company. In: Proceedings IEEE International Technology Management Conference (ICE) (2010)","DOI":"10.1109\/ICE.2010.7477040"},{"key":"15_CR4","doi-asserted-by":"crossref","unstructured":"Du, Z.T., Xie, X.Z.: Research on construction strategy of enterprise information sharing in supply chain. In: Proceedings International Conference of Information Science and Management Engineering (ISME), pp. 49\u201353 (2010)","DOI":"10.1109\/ISME.2010.254"},{"key":"15_CR5","unstructured":"GitHub: The 2020 state of the octoverse (2020). https:\/\/octoverse.github.com"},{"issue":"12","key":"15_CR6","doi-asserted-by":"publisher","first-page":"12","DOI":"10.1016\/S1353-4858(20)30141-0","volume":"2020","author":"S Mansfield-Devine","year":"2020","unstructured":"Mansfield-Devine, S.: Nation-state attacks: the escalating menace. Netw. Secur. 2020(12), 12\u201317 (2020)","journal-title":"Netw. Secur."},{"key":"15_CR7","unstructured":"Migues, S., Steven, J., Ware, M.: Building security in maturity model - version 11 (2021). https:\/\/www.bsimm.com"},{"key":"15_CR8","doi-asserted-by":"crossref","unstructured":"Nguyen, V.H., Massacci, F.: The (un)reliability of NVD vulnerable versions data: an empirical experiment on Google Chrome vulnerabilities. In: Proceedings 8th ACM SIGSAC Symposium on Information, Computer and Communications Security, pp. 493\u2013498 (2013)","DOI":"10.1145\/2484313.2484377"},{"key":"15_CR9","unstructured":"NIST: National vulnerability database (2021). https:\/\/nvd.nist.gov\/"},{"key":"15_CR10","doi-asserted-by":"publisher","unstructured":"Olsson, T., Hell, M., H\u00f6st, M., Franke, U., Borg, M.: Sharing of vulnerability information among companies - a survey of Swedish companies. In: Proceedings Euromicro Conference on Software Engineering and Advanced Applications (SEAA), pp. 284\u2013291 (2019). https:\/\/doi.org\/10.1109\/SEAA.2019.00051","DOI":"10.1109\/SEAA.2019.00051"},{"key":"15_CR11","doi-asserted-by":"crossref","unstructured":"Ponta, S.E., Plate, H., Sabetta, A.: Beyond metadata: code-centric and usage-based analysis of known vulnerabilities in open-source software. In: Proceedings IEEE International Conference on Software Maintenance and Evolution (ICSME) (2018)","DOI":"10.1109\/ICSME.2018.00054"},{"key":"15_CR12","unstructured":"Robson, C.: Real World Research: A Resource for Social Scientists and Practisioner-Researchers. Blackwell (2002)"},{"key":"15_CR13","doi-asserted-by":"crossref","unstructured":"Runeson, P., H\u00f6st, M., Rainer, A., Regnell, B.: Case Study Research in Software Engineering - Guidelines and Examples. Wiley (2012)","DOI":"10.1002\/9781118181034"},{"key":"15_CR14","doi-asserted-by":"crossref","unstructured":"IBM Security: X-force threat intelligence index 2021 (2021). https:\/\/www.ibm.com\/se-en\/security\/data-breach\/threat-intelligence","DOI":"10.1016\/S1353-4858(21)00026-X"},{"issue":"5","key":"15_CR15","doi-asserted-by":"publisher","first-page":"2985","DOI":"10.1109\/TII.2020.3023507","volume":"17","author":"M Serror","year":"2021","unstructured":"Serror, M., Hack, S., Henze, M., Schuba, M., Wehrle, K.: Challenges and opportunities in securing the industrial internet of things. IEEE Trans. Ind. Inf. 17(5), 2985\u20132996 (2021). https:\/\/doi.org\/10.1109\/TII.2020.3023507","journal-title":"IEEE Trans. Ind. Inf."}],"container-title":["Lecture Notes in Computer Science","Product-Focused Software Process Improvement"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-91452-3_15","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,12,16]],"date-time":"2021-12-16T14:09:57Z","timestamp":1639663797000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-91452-3_15"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021]]},"ISBN":["9783030914516","9783030914523"],"references-count":15,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-91452-3_15","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2021]]},"assertion":[{"value":"23 November 2021","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"PROFES","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Product-Focused Software Process Improvement","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Turin","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Italy","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2021","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"26 November 2021","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"26 November 2021","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"22","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"profes2021","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/softeng.polito.it\/profes2021\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasaChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"48","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"17","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"35% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"2","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"No","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Out of the 20 accepted papers, 14 are full papers, 3 are short papers, and 3 are industry papers.","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}