{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,30]],"date-time":"2025-12-30T15:26:40Z","timestamp":1767108400626,"version":"3.40.3"},"publisher-location":"Cham","reference-count":26,"publisher":"Springer Nature Switzerland","isbn-type":[{"type":"print","value":"9783031542039"},{"type":"electronic","value":"9783031542046"}],"license":[{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2024]]},"DOI":"10.1007\/978-3-031-54204-6_6","type":"book-chapter","created":{"date-parts":[[2024,2,29]],"date-time":"2024-02-29T19:02:53Z","timestamp":1709233373000},"page":"104-123","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["On the\u00a0Usage of\u00a0NLP on\u00a0CVE Descriptions for\u00a0Calculating Risk"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-3453-1892","authenticated-orcid":false,"given":"Thrasyvoulos","family":"Giannakopoulos","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8823-018X","authenticated-orcid":false,"given":"Konstantinos","family":"Maliatsos","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2024,3,1]]},"reference":[{"key":"6_CR1","unstructured":"Bird, S., Klein, E., Loper, E.: Natural language processing with Python: analyzing text with the natural language toolkit. O\u2019Reilly Media, Inc. (2009)"},{"key":"6_CR2","unstructured":"CAPEC: About CAPEC. https:\/\/capec.mitre.org\/about\/index.html 04 Apr 2019"},{"key":"6_CR3","doi-asserted-by":"publisher","unstructured":"Cheikes, B., Waltermire, D., Scarfone, K.: Common Platform Enumeration: Naming Specification Version 2, 3 (2011). https:\/\/doi.org\/10.6028\/NIST.IR.7695, https:\/\/tsapps.nist.gov\/publication\/get_pdf.cfm?pub_id=909010","DOI":"10.6028\/NIST.IR.7695"},{"key":"6_CR4","unstructured":"CISA: Apache Log4j Vulnerability Guidance. https:\/\/www.cisa.gov\/uscert\/apache-log4j-vulnerability-guidance Accessed 27 Apr 2022"},{"key":"6_CR5","unstructured":"CVE: CVE Numbering Authority (CNA) Rules. https:\/\/www.cve.org\/ResourcesSupport\/AllResources\/CNARules 05 Mar 2020"},{"key":"6_CR6","unstructured":"CVE: History. https:\/\/www.cve.org\/About\/History Accessed 27 Apr 2022"},{"key":"6_CR7","unstructured":"CVE: Process for Assigning CVE IDs to End-of-Life (EOL) Products. https:\/\/cve.mitre.org\/cve\/cna\/CVE_Program_End_of_Life_EOL_Assignment_Process.html 11 Dec 2020"},{"key":"6_CR8","unstructured":"CWE: 2021 CWE Top 25 Most Dangerous Software Weaknesses. https:\/\/cwe.mitre.org\/top25\/archive\/2021\/2021_cwe_top25.html 13 Oct 2022"},{"key":"6_CR9","unstructured":"CWE: About CWE. https:\/\/cwe.mitre.org\/about\/index.html 06 June 2023"},{"key":"6_CR10","unstructured":"CWE: CWE VIEW: Weaknesses for Simplified Mapping of Published Vulnerabilities. https:\/\/cwe.mitre.org\/data\/definitions\/1003.html 27 Apr 2023"},{"key":"6_CR11","unstructured":"CWE: Weaknesses Originally Used by NVD from 2008 to 2016. https:\/\/cwe.mitre.org\/data\/definitions\/635.html 27 Apr 2023"},{"key":"6_CR12","unstructured":"FIRST: Common Vulnerability Scoring System v1 Archive. https:\/\/www.first.org\/cvss\/v1\/ 14 Apr 2005"},{"key":"6_CR13","unstructured":"FIRST: Common Vulnerability Scoring System version 3.1: User Guide. https:\/\/www.first.org\/cvss\/user-guide Accessed 5 May 2022"},{"key":"6_CR14","unstructured":"FIRST: New version of Common Vulnerability Scoring System released. https:\/\/www.first.org\/cvss\/v2\/ 20 June 2007"},{"key":"6_CR15","doi-asserted-by":"publisher","unstructured":"Kanakogi, K., et al.: Tracing CVE Vulnerability Information to CAPEC Attack Patterns Using Natural Language Processing Techniques. Information 12(8), (2021). https:\/\/doi.org\/10.3390\/info12080298, https:\/\/www.mdpi.com\/2078-2489\/12\/8\/298","DOI":"10.3390\/info12080298"},{"issue":"3","key":"6_CR16","doi-asserted-by":"publisher","first-page":"48","DOI":"10.1109\/MSPEC.2013.6471059","volume":"50","author":"D Kushner","year":"2013","unstructured":"Kushner, D.: The real story of stuxnet. IEEE Spectr. 50(3), 48\u201353 (2013). https:\/\/doi.org\/10.1109\/MSPEC.2013.6471059","journal-title":"IEEE Spectr."},{"key":"6_CR17","doi-asserted-by":"publisher","first-page":"134","DOI":"10.1007\/978-3-031-25460-4_8","volume-title":"Computer Security. ESORICS 2022 International Workshops: CyberICPS 2022, SECPRE 2022, SPOSE 2022, CPS4CIP 2022, CDT &SECOMANE 2022, EIS 2022, and SecAssure 2022, Copenhagen, Denmark, September 26\u201330, 2022, Revised Selected Papers","author":"C Lyvas","year":"2023","unstructured":"Lyvas, C., et al.: A hybrid dynamic risk analysis methodology for\u00a0cyber-physical systems. In: Kastsikas, S., et al. (eds.) Computer Security. ESORICS 2022 International Workshops: CyberICPS 2022, SECPRE 2022, SPOSE 2022, CPS4CIP 2022, CDT &SECOMANE 2022, EIS 2022, and SecAssure 2022, Copenhagen, Denmark, September 26\u201330, 2022, Revised Selected Papers, pp. 134\u2013152. Springer International Publishing, Cham (2023). https:\/\/doi.org\/10.1007\/978-3-031-25460-4_8"},{"key":"6_CR18","doi-asserted-by":"publisher","unstructured":"Manning, C.D., Raghavan, P., Sch\u00fctze, H.: Introduction to Information Retrieval. Cambridge University Press (2008). https:\/\/doi.org\/10.1017\/CBO9780511809071","DOI":"10.1017\/CBO9780511809071"},{"key":"6_CR19","unstructured":"Microsoft Security Response Center: Customer Guidance for WannaCrypt attacks. https:\/\/msrc-blog.microsoft.com\/2017\/05\/12\/customer-guidance-for-wannacrypt-attacks\/ 12 May 2017"},{"key":"6_CR20","unstructured":"NIST CSRC: Common Platform Enumeration (CPE). https:\/\/csrc.nist.gov\/Projects\/Security-Content-Automation-Protocol\/Specifications\/cpe 20 Apr 2023"},{"key":"6_CR21","unstructured":"NVD: A Brief History of the NVD. https:\/\/nvd.nist.gov\/general\/brief-history Accessed 27 Apr 2022"},{"key":"6_CR22","doi-asserted-by":"publisher","unstructured":"Ruder, S.: An overview of gradient descent optimization algorithms (2016). https:\/\/doi.org\/10.48550\/ARXIV.1609.04747, https:\/\/arxiv.org\/abs\/1609.04747","DOI":"10.48550\/ARXIV.1609.04747"},{"key":"6_CR23","doi-asserted-by":"publisher","DOI":"10.1007\/978-1-4899-7687-1","volume-title":"Encyclopedia of Machine Learning and Data Mining","year":"2017","unstructured":"Sammut, C., Webb, G.I. (eds.): Encyclopedia of Machine Learning and Data Mining. Springer US, Boston, MA (2017). https:\/\/doi.org\/10.1007\/978-1-4899-7687-1"},{"key":"6_CR24","doi-asserted-by":"publisher","unstructured":"Sun, J., et al.: Generating Informative CVE Description From ExploitDB Posts by Extractive Summarization (2021). https:\/\/doi.org\/10.48550\/ARXIV.2101.01431, https:\/\/arxiv.org\/abs\/2101.01431","DOI":"10.48550\/ARXIV.2101.01431"},{"key":"6_CR25","unstructured":"Tai, W.: How to Use VPR to Manage Threats Prior to NVD Publication. https:\/\/www.tenable.com\/blog\/how-to-use-vpr-to-manage-threats-prior-to-nvd-publication 22 May 2020"},{"key":"6_CR26","unstructured":"Tai, W.: What Is VPR and How Is It Different from CVSS?. https:\/\/www.tenable.com\/blog\/what-is-vpr-and-how-is-it-different-from-cvss 16 Apr 2020"}],"container-title":["Lecture Notes in Computer Science","Computer Security. ESORICS 2023 International Workshops"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-54204-6_6","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,2,29]],"date-time":"2024-02-29T19:04:17Z","timestamp":1709233457000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-54204-6_6"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024]]},"ISBN":["9783031542039","9783031542046"],"references-count":26,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-54204-6_6","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2024]]},"assertion":[{"value":"1 March 2024","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ESORICS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"European Symposium on Research in Computer Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"The Hague","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"The Netherlands","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2023","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"25 September 2023","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"29 September 2023","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"28","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"esorics2023","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/esorics2023.org\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Easychair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"478","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"93","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"19% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3-4","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"10","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"No","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}