{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,14]],"date-time":"2026-02-14T05:41:07Z","timestamp":1771047667053,"version":"3.50.1"},"publisher-location":"Cham","reference-count":18,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783031367564","type":"print"},{"value":"9783031367571","type":"electronic"}],"license":[{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2023]]},"DOI":"10.1007\/978-3-031-36757-1_28","type":"book-chapter","created":{"date-parts":[[2023,7,1]],"date-time":"2023-07-01T16:01:40Z","timestamp":1688227300000},"page":"375-382","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["On Tools for\u00a0Practical and\u00a0Effective Security Policy Management and\u00a0Vulnerability Scanning"],"prefix":"10.1007","author":[{"given":"Ilkka","family":"Urtamo","sequence":"first","affiliation":[]},{"given":"Andrei","family":"Costin","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2023,7,2]]},"reference":[{"key":"28_CR1","unstructured":"Auditing for Vulnerabilities By Using OVAL Definitions. https:\/\/docs.oracle.com\/en\/operating-systems\/oracle-linux\/8\/oscap\/auditing_for_vulnerabilities_by_using_oval_definitions.html#topic_q4t_znf_m5b"},{"key":"28_CR2","unstructured":"Canonical security certifications|Security. https:\/\/ubuntu.com\/security\/certifications"},{"key":"28_CR3","unstructured":"CIS Benchmarks\u2122. https:\/\/www.cisecurity.org\/cis-benchmarks\/"},{"key":"28_CR4","unstructured":"CVE Binary Tool. https:\/\/github.com\/intel\/cve-bin-tool"},{"key":"28_CR5","unstructured":"Home|OpenSCAP portal. https:\/\/www.open-scap.org\/"},{"key":"28_CR6","unstructured":"macOS Security Compliance Project. https:\/\/github.com\/usnistgov\/macos_security"},{"key":"28_CR7","unstructured":"NCP - National Checklist Program Checklist Repository. https:\/\/ncp.nist.gov\/repository"},{"key":"28_CR8","unstructured":"Ubuntu Oval | Security. https:\/\/ubuntu.com\/security\/oval"},{"key":"28_CR9","unstructured":"Vulnerability Scanning Red Hat Enterprise Linux 7|Red Hat Customer Portal. https:\/\/access.redhat.com\/documentation\/en-us\/red_hat_enterprise_linux\/7\/html\/security_guide\/vulnerability-scanning_scanning-the-system-for-configuration-compliance-and-vulnerabilities"},{"key":"28_CR10","doi-asserted-by":"crossref","unstructured":"Aksu, M.U., et al.: A quantitative CVSS-based cyber security risk assessment methodology for it systems. In: 2017 International Carnahan Conference on Security Technology (ICCST), pp. 1\u20138. IEEE (2017)","DOI":"10.1109\/CCST.2017.8167819"},{"key":"28_CR11","doi-asserted-by":"crossref","unstructured":"Chen, A., Zhang, Z.: A comparative study of credentialed vulnerability scanning and non-credentialed vulnerability scanning. In: 2021 IEEE International Conference on Parallel & Distributed Processing with Applications, Big Data & Cloud Computing, Sustainable Computing & Communications, Social Computing & Networking (ISPA\/BDCloud\/SocialCom\/SustainCom), pp. 1613\u20131616. IEEE (2021)","DOI":"10.1109\/ISPA-BDCloud-SocialCom-SustainCom52081.2021.00215"},{"key":"28_CR12","unstructured":"Computer Security Division, I.T.L.: SCAP Validated Products and Modules - Security Content Automation Protocol Validation Program | CSRC | CSRC. https:\/\/csrc.nist.gov\/Projects\/scap-validation-program\/Validated-Products-and-Modules"},{"issue":"3","key":"28_CR13","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3442480","volume":"54","author":"SWA Hamdani","year":"2021","unstructured":"Hamdani, S.W.A., et al.: Cybersecurity standards in the context of operating system: practical aspects, analysis, and comparisons. ACM Comput. Surv. (CSUR) 54(3), 1\u201336 (2021)","journal-title":"ACM Comput. Surv. (CSUR)"},{"key":"28_CR14","unstructured":"Project, O.S.G.: OpenSCAP Security Guide. https:\/\/github.com\/ComplianceAsCode\/content\/wiki\/Home"},{"key":"28_CR15","doi-asserted-by":"crossref","unstructured":"Quinn, S.D., Waltermire, D.A., Johnson, C.S., Scarfone, K.A., Banghart, J.F.: The technical specification for the security content automation protocol (scap): Scap version 1.0 (2009)","DOI":"10.6028\/NIST.SP.800-117"},{"key":"28_CR16","unstructured":"Torchio, M.: Security assessment and threat response through SCAP. Ph.D. thesis, Politecnico di Torino (2022)"},{"key":"28_CR17","doi-asserted-by":"crossref","unstructured":"Trapnell, M., Trapnell, E., Souppaya, M., Gendler, B., Scarfone, K.: Automated secure configuration guidance from the macos security compliance project (mscp). Tech. rep, National Institute of Standards and Technology (2022)","DOI":"10.6028\/NIST.SP.800-219-draft"},{"key":"28_CR18","unstructured":"Waltermire, D., Quinn, S., Booth, H., Scarfone, K., Prisaca, D.: The technical specification for the security content automation protocol (scap): Scap version 1.3. Tech. rep., National Institute of Standards and Technology (2016)"}],"container-title":["Lecture Notes in Business Information Processing","Business Modeling and Software Design"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-36757-1_28","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,7,1]],"date-time":"2023-07-01T16:04:50Z","timestamp":1688227490000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-36757-1_28"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023]]},"ISBN":["9783031367564","9783031367571"],"references-count":18,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-36757-1_28","relation":{},"ISSN":["1865-1348","1865-1356"],"issn-type":[{"value":"1865-1348","type":"print"},{"value":"1865-1356","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023]]},"assertion":[{"value":"2 July 2023","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"BMSD","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Symposium on Business Modeling and Software Design","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Utrecht","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"The Netherlands","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2023","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"3 July 2023","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"5 July 2023","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"13","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"bmsd2023","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/www.is-bmsd.org\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}