{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T01:40:02Z","timestamp":1755826802775,"version":"3.44.0"},"publisher-location":"Cham","reference-count":68,"publisher":"Springer Nature Switzerland","isbn-type":[{"type":"print","value":"9783032042873"},{"type":"electronic","value":"9783032042880"}],"license":[{"start":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T00:00:00Z","timestamp":1755820800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T00:00:00Z","timestamp":1755820800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2026]]},"DOI":"10.1007\/978-3-032-04288-0_22","type":"book-chapter","created":{"date-parts":[[2025,8,21]],"date-time":"2025-08-21T08:22:41Z","timestamp":1755764561000},"page":"355-374","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Cybersecurity Vulnerabilities Management for Small and Medium Enterprises"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-2864-2203","authenticated-orcid":false,"given":"Jose A.","family":"Calvo-Manzano","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6104-7430","authenticated-orcid":false,"given":"Tom\u00e1s","family":"San Feliu","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6433-5681","authenticated-orcid":false,"given":"\u00c1ngel","family":"Herranz","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2665-7612","authenticated-orcid":false,"given":"Julio","family":"Mari\u00f1o","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8296-4609","authenticated-orcid":false,"given":"Lars-\u00c5ke","family":"Fredlund","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1555-9726","authenticated-orcid":false,"given":"Ricardo","family":"Colomo-Palacios","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8397-6794","authenticated-orcid":false,"given":"Ana M.","family":"Moreno","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2025,8,22]]},"reference":[{"key":"22_CR1","unstructured":"European Commission. Directorate General for Internal Market, Industry, Entrepreneurship and SMEs., European Commission. Joint Research Centre.: Annual report on European SMEs 2023\/2024: SME performance review 2023\/2024. Publications Office, LU (2024)"},{"key":"22_CR2","unstructured":"DocsRoom - European Commission. https:\/\/ec.europa.eu\/docsroom\/documents\/60583"},{"key":"22_CR3","unstructured":"European Union Agency for Cybersecurity.: ENISA threat landscape 2024: July 2023 to June 2024. Publications Office, LU (2024)"},{"key":"22_CR4","unstructured":"CB-US-Q4-CyberRoundupReport24.pdf. https:\/\/cowbell.insure\/wp-content\/uploads\/pdfs\/CB-US-Q4-CyberRoundupReport24.pdf"},{"key":"22_CR5","unstructured":"Cisco Cyber Threat Trends Report: From Trojan Takeovers to Ransomware Roulette. https:\/\/learn-cloudsecurity.cisco.com\/umbrella-library\/cyber-threat-trends-report"},{"key":"22_CR6","doi-asserted-by":"publisher","first-page":"691","DOI":"10.1108\/ICS-01-2024-0025","volume":"32","author":"R Adriko","year":"2024","unstructured":"Adriko, R., Nurse, J.R.C.: Cybersecurity, cyber insurance and small-to-medium-sized enterprises: a systematic review. ICS 32, 691\u2013710 (2024). https:\/\/doi.org\/10.1108\/ICS-01-2024-0025","journal-title":"ICS"},{"key":"22_CR7","doi-asserted-by":"publisher","unstructured":"Towards an Integrated Cybersecurity Framework for Small and Medium Enterprises|SpringerLink. https:\/\/doi.org\/10.1007\/978-3-031-71139-8_16","DOI":"10.1007\/978-3-031-71139-8_16"},{"key":"22_CR8","doi-asserted-by":"publisher","unstructured":"Howland, H.: CVSS: ubiquitous and broken. Digital Threats. 4, 1:1\u20131:12 (2022). https:\/\/doi.org\/10.1145\/3491263","DOI":"10.1145\/3491263"},{"key":"22_CR9","unstructured":"Downloads|CVE. https:\/\/www.cve.org\/Downloads"},{"key":"22_CR10","unstructured":"INCIBE: Glosario de t\u00e9rminos de ciberseguridad: Una guia de aproximaci\u00f3n para el empresario. INCIBE"},{"key":"22_CR11","unstructured":"Vulnerabilities and Exploits. https:\/\/www.enisa.europa.eu\/topics\/incident-response\/glossary\/vulnerabilities-and-exploits"},{"key":"22_CR12","unstructured":"ISO\/IEC 27000 Information technology \u2014 Security techniques \u2014 Information security management systems \u2014 Overview and vocabulary. https:\/\/www.iso.org\/standard\/73906.html (2018)"},{"key":"22_CR13","unstructured":"NIST Special Publication 800\u201330 Revision 1 (2012)"},{"key":"22_CR14","unstructured":"Hillebrand, F.: Guide to Basic Protection based on IT-Grundschutz"},{"key":"22_CR15","unstructured":"Alberts, C., Wallen, C., Woody, C., Bandor, M., Merendino, T.: Security Engineering Framework (SEF): Managing Security and Resilience Risks Across the Systems Lifecycle. Carnegie Mellon University (2024)"},{"key":"22_CR16","unstructured":"PAe - MAGERIT v.3\u202f: Metodolog\u00eda de An\u00e1lisis y Gesti\u00f3n de Riesgos de los Sistemas de Informaci\u00f3n. https:\/\/administracionelectronica.gob.es\/pae_Home\/pae_Documentacion\/pae_Metodolog\/pae_Magerit.html?idioma=es"},{"key":"22_CR17","unstructured":"Vocabulary|NICCS. https:\/\/niccs.cisa.gov\/cybersecurity-career-resources\/vocabulary"},{"key":"22_CR18","unstructured":"NVD - CVEs and the NVD Process. https:\/\/nvd.nist.gov\/general\/cve-process"},{"key":"22_CR19","unstructured":"CWE - Common Weakness Enumeration. https:\/\/cwe.mitre.org\/"},{"key":"22_CR20","unstructured":"NVD \u2013 Vulnerabilities. https:\/\/nvd.nist.gov\/vuln"},{"key":"22_CR21","doi-asserted-by":"publisher","DOI":"10.1016\/j.jss.2023.111679","volume":"201","author":"X Li","year":"2023","unstructured":"Li, X., Moreschini, S., Zhang, Z., Palomba, F., Taibi, D.: The anatomy of a vulnerability database: a systematic mapping study. J. Syst. Softw. 201, 111679 (2023). https:\/\/doi.org\/10.1016\/j.jss.2023.111679","journal-title":"J. Syst. Softw."},{"key":"22_CR22","unstructured":"NVD \u2013 CPE. https:\/\/nvd.nist.gov\/products\/cpe"},{"key":"22_CR23","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.infsof.2015.03.007","volume":"64","author":"K Petersen","year":"2015","unstructured":"Petersen, K., Vakkalanka, S., Kuzniarz, L.: Guidelines for conducting systematic mapping studies in software engineering: an update. Inf. Softw. Technol. 64, 1\u201318 (2015). https:\/\/doi.org\/10.1016\/j.infsof.2015.03.007","journal-title":"Inf. Softw. Technol."},{"key":"22_CR24","doi-asserted-by":"publisher","unstructured":"Hommersom, D., Sabetta, A., Coppola, B., Nucci, D.D., Tamburri, D.A.: Automated Mapping of Vulnerability Advisories onto their Fix Commits in Open Source Repositories. ACM Trans. Softw. Eng. Methodol. 33 (2024). https:\/\/doi.org\/10.1145\/3649590","DOI":"10.1145\/3649590"},{"key":"22_CR25","doi-asserted-by":"publisher","unstructured":"Standards, N.I. of, Technology: NIST Special Publication 800\u201353: Security and Privacy Controls for Federal Information Systems and Organizations. NIST SP-800\u201353 Ar4. 400+ (2013). https:\/\/doi.org\/10.6028\/NIST.SP.800-53Ar4","DOI":"10.6028\/NIST.SP.800-53Ar4"},{"key":"22_CR26","unstructured":"Exploit Database - Exploits for Penetration Testers, Researchers, and Ethical Hackers. https:\/\/www.exploit-db.com\/"},{"key":"22_CR27","unstructured":"Jiang, Y., Oo, N., Meng, Q., Lim, H.W., Sikdar, B.: A Survey on Vulnerability Prioritization: Taxonomy, Metrics, and Research Challenges. http:\/\/arxiv.org\/abs\/2502.11070 (2025)"},{"key":"22_CR28","doi-asserted-by":"publisher","first-page":"16","DOI":"10.1007\/s10207-024-00922-z","volume":"24","author":"Z Zhang","year":"2024","unstructured":"Zhang, Z., Kumar, V., Pfahringer, B., Bifet, A.: AI-enabled automated common vulnerability scoring from common vulnerabilities and exposures descriptions. Int. J. Inf. Secur. 24, 16 (2024). https:\/\/doi.org\/10.1007\/s10207-024-00922-z","journal-title":"Int. J. Inf. Secur."},{"key":"22_CR29","doi-asserted-by":"crossref","unstructured":"Milousi, K., et al.: Evaluating Cybersecurity Risk: A Comprehensive Comparison of Vulnerability Scoring Methodologies. In: Proceedings of the 19th International Conference on Availability, Reliability and Security, pp. 1\u201311. ACM, Vienna Austria (2024)","DOI":"10.1145\/3664476.3670915"},{"key":"22_CR30","unstructured":"Eggendorfer, T., Andresen, K.: Using Security Metrics to improve Cyber-Resilience. (2024)"},{"key":"22_CR31","doi-asserted-by":"publisher","first-page":"1208","DOI":"10.3390\/electronics13071208","volume":"13","author":"G Gori","year":"2024","unstructured":"Gori, G., Rinieri, L., Melis, A., Al Sadi, A., Callegati, F., Prandini, M.: A systematic analysis of security metrics for industrial cyber-physical systems. Electronics 13, 1208 (2024). https:\/\/doi.org\/10.3390\/electronics13071208","journal-title":"Electronics"},{"key":"22_CR32","doi-asserted-by":"publisher","unstructured":"Bennouk, K., Ait Aali, N., El Bouzekri El Idrissi, Y., Sebai, B., Faroukhi, A.Z., Mahouachi, D.: A comprehensive review and assessment of cybersecurity vulnerability detection methodologies. J. Cybersecurity Privacy 4, 853\u2013908 (2024). https:\/\/doi.org\/10.3390\/jcp4040040","DOI":"10.3390\/jcp4040040"},{"key":"22_CR33","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3648610","volume":"56","author":"S Elder","year":"2024","unstructured":"Elder, S., Rahman, M.R., Fringer, G., Kapoor, K., Williams, L.: A survey on software vulnerability exploitability assessment. ACM Comput. Surv. 56, 1\u201341 (2024). https:\/\/doi.org\/10.1145\/3648610","journal-title":"ACM Comput. Surv."},{"key":"22_CR34","doi-asserted-by":"crossref","unstructured":"Gomes Valadares, D.C., Perkusich, A., de Souza Santos, D.F.: Measuring security with a score system. In: 2024 11th International Conference on Future Internet of Things and Cloud (FiCloud), pp. 9\u201315 (2024)","DOI":"10.1109\/FiCloud62933.2024.00010"},{"key":"22_CR35","unstructured":"Georgiev, D., Schubert, S., Warren, M.D.: Modern Vulnerability Management apart from CVSS"},{"key":"22_CR36","doi-asserted-by":"publisher","first-page":"247","DOI":"10.1007\/s10207-023-00734-7","volume":"23","author":"H Kek\u00fcl","year":"2024","unstructured":"Kek\u00fcl, H., Ergen, B., Arslan, H.: Estimating vulnerability metrics with word embedding and multiclass classification methods. Int. J. Inf. Secur. 23, 247\u2013270 (2024). https:\/\/doi.org\/10.1007\/s10207-023-00734-7","journal-title":"Int. J. Inf. Secur."},{"key":"22_CR37","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2023.103382","volume":"132","author":"M Albanese","year":"2023","unstructured":"Albanese, M., Iganibo, I., Adebiyi, O.: A framework for designing vulnerability metrics. Comput. Secur. 132, 103382 (2023). https:\/\/doi.org\/10.1016\/j.cose.2023.103382","journal-title":"Comput. Secur."},{"key":"22_CR38","doi-asserted-by":"publisher","first-page":"2274","DOI":"10.1016\/j.matpr.2021.06.228","volume":"80","author":"S Gupta Bhol","year":"2023","unstructured":"Gupta Bhol, S., Mohanty, J., Kumar Pattnaik, P.: Taxonomy of cyber security metrics to measure strength of cyber security. Mater. Today: Proc. 80, 2274\u20132279 (2023). https:\/\/doi.org\/10.1016\/j.matpr.2021.06.228","journal-title":"Mater. Today: Proc."},{"key":"22_CR39","doi-asserted-by":"publisher","unstructured":"Sharma, A., Sabharwal, S., Nagpal, S.: A hybrid scoring system for prioritization of software vulnerabilities. Comput. Secur. 129 (2023). https:\/\/doi.org\/10.1016\/j.cose.2023.103256","DOI":"10.1016\/j.cose.2023.103256"},{"key":"22_CR40","doi-asserted-by":"publisher","first-page":"253","DOI":"10.1016\/j.ijin.2023.09.002","volume":"4","author":"Q Zhu","year":"2023","unstructured":"Zhu, Q.: Enhancing vulnerability scoring for information security in intelligent computers. Int. J. Intell. Netw. 4, 253\u2013260 (2023). https:\/\/doi.org\/10.1016\/j.ijin.2023.09.002","journal-title":"Int. J. Intell. Netw."},{"key":"22_CR41","doi-asserted-by":"publisher","first-page":"3078","DOI":"10.1108\/ECAM-06-2020-0400","volume":"28","author":"BRK Mantha","year":"2020","unstructured":"Mantha, B.R.K., de Soto, B.G.: Assessment of the cybersecurity vulnerability of construction networks. Eng. Constr. Archit. Manag. 28, 3078\u20133105 (2020). https:\/\/doi.org\/10.1108\/ECAM-06-2020-0400","journal-title":"Eng. Constr. Archit. Manag."},{"key":"22_CR42","doi-asserted-by":"crossref","unstructured":"Iganibo, I., Albanese, M., Mosko, M., Bier, E., Brito, A.: Vulnerability Metrics for Graph-based Configuration Security: In: Proceedings of the 18th International Conference on Security and Cryptography, pp. 259\u2013270. SCITEPRESS - Science and Technology Publications, Online Streaming, --- Select a Country --- (2021)","DOI":"10.5220\/0010559402590270"},{"key":"22_CR43","doi-asserted-by":"crossref","unstructured":"Keskin, O., Gannon, N., Lopez, B., Tatar, U.: Scoring cyber vulnerabilities based on their impact on organizational goals. In: 2021 Systems and Information Engineering Design Symposium (SIEDS), pp. 1\u20136 (2021)","DOI":"10.1109\/SIEDS52267.2021.9483741"},{"key":"22_CR44","doi-asserted-by":"publisher","unstructured":"Wunder, J., Corona, A., Hammer, A., Benenson, Z.: On NVD users\u2019 attitudes, experiences, hopes, and hurdles. Digital Threats Res. Pract. 5 (2024). https:\/\/doi.org\/10.1145\/3688806","DOI":"10.1145\/3688806"},{"key":"22_CR45","doi-asserted-by":"publisher","first-page":"4255","DOI":"10.1109\/TDSC.2021.3125270","volume":"19","author":"A Anwar","year":"2022","unstructured":"Anwar, A., Abusnaina, A., Chen, S., Li, F., Mohaisen, D.: Cleaning the NVD: comprehensive quality assessment, improvements, and analyses. IEEE Trans. Dependable Secure Comput. 19, 4255\u20134269 (2022). https:\/\/doi.org\/10.1109\/TDSC.2021.3125270","journal-title":"IEEE Trans. Dependable Secure Comput."},{"key":"22_CR46","doi-asserted-by":"publisher","first-page":"93354","DOI":"10.1109\/ACCESS.2023.3309850","volume":"11","author":"R Singla","year":"2023","unstructured":"Singla, R., Reddy, N., Bettati, R., Alnuweiri, H.: Toward a multidimensional analysis of the national vulnerability database. IEEE Access 11, 93354\u201393367 (2023). https:\/\/doi.org\/10.1109\/ACCESS.2023.3309850","journal-title":"IEEE Access"},{"key":"22_CR47","unstructured":"IBM X-Force Exchange. https:\/\/exchange.xforce.ibmcloud.com\/exchange.xforce.ibmcloud.com"},{"key":"22_CR48","doi-asserted-by":"publisher","unstructured":"Hoque, M.S., Jamil, N., Amin, N., Lam, K.-Y.: An improved vulnerability exploitation prediction model with novel cost function and custom trained word vector embedding. Sensors 21 (2021). https:\/\/doi.org\/10.3390\/s21124220","DOI":"10.3390\/s21124220"},{"key":"22_CR49","doi-asserted-by":"publisher","first-page":"16951","DOI":"10.1007\/s11042-022-14036-y","volume":"82","author":"G Sharma","year":"2023","unstructured":"Sharma, G., Vidalis, S., Menon, C., Anand, N.: Analysis and implementation of semi-automatic model for vulnerability exploitations of threat agents in NIST databases. Multimedia Tools Appl. 82, 16951\u201316971 (2023). https:\/\/doi.org\/10.1007\/s11042-022-14036-y","journal-title":"Multimedia Tools Appl."},{"key":"22_CR50","doi-asserted-by":"publisher","first-page":"905","DOI":"10.1109\/TDSC.2023.3264567","volume":"21","author":"Y He","year":"2024","unstructured":"He, Y., et al.: Automatically identifying CVE affected versions with patches and developer logs. IEEE Trans. Dependable Secure Comput. 21, 905\u2013919 (2024). https:\/\/doi.org\/10.1109\/TDSC.2023.3264567","journal-title":"IEEE Trans. Dependable Secure Comput."},{"key":"22_CR51","doi-asserted-by":"publisher","unstructured":"K\u00fchn, P., Relke, D.N., Reuter, C.: Common vulnerability scoring system prediction based on open source intelligence information sources. Comput. Secur. 131 (2023). https:\/\/doi.org\/10.1016\/j.cose.2023.103286","DOI":"10.1016\/j.cose.2023.103286"},{"key":"22_CR52","doi-asserted-by":"publisher","first-page":"198","DOI":"10.3390\/electronics11020198","volume":"11","author":"M Abdullahi","year":"2022","unstructured":"Abdullahi, M., et al.: Detecting cybersecurity attacks in Internet of Things using artificial intelligence methods: a systematic literature review. Electronics 11, 198 (2022). https:\/\/doi.org\/10.3390\/electronics11020198","journal-title":"Electronics"},{"key":"22_CR53","doi-asserted-by":"publisher","unstructured":"Yasasin, E., Prester, J., Wagner, G., Schryen, G.: Forecasting IT security vulnerabilities \u2013 an empirical analysis. Comput. Secur. 88 (2020). https:\/\/doi.org\/10.1016\/j.cose.2019.101610","DOI":"10.1016\/j.cose.2019.101610"},{"key":"22_CR54","doi-asserted-by":"publisher","unstructured":"Kryukov, R.O., Fedorchenko, E.V., Kotenko, I.V., Novikova, E.S., Zima, V.M.: Security assessment based on attack graphs using NVD and MITRE ATT & CK database for heterogeneous infrastructures. Informatsionno-Upravliaiushchie Sistemy, 39\u201350 (2024). https:\/\/doi.org\/10.31799\/1684-8853-2024-2-39-50","DOI":"10.31799\/1684-8853-2024-2-39-50"},{"key":"22_CR55","doi-asserted-by":"publisher","first-page":"2641","DOI":"10.1007\/s12652-024-04778-y","volume":"15","author":"BK Verma","year":"2024","unstructured":"Verma, B.K., Yadav, A.K.: Software security with natural language processing and vulnerability scoring using machine learning approach. J. Ambient. Intell. Humaniz. Comput. 15, 2641\u20132651 (2024). https:\/\/doi.org\/10.1007\/s12652-024-04778-y","journal-title":"J. Ambient. Intell. Humaniz. Comput."},{"key":"22_CR56","doi-asserted-by":"publisher","first-page":"2244","DOI":"10.1109\/TDSC.2021.3051525","volume":"19","author":"Z Li","year":"2022","unstructured":"Li, Z., Zou, D., Xu, S., Jin, H., Zhu, Y., Chen, Z.: SySeVR: a framework for using deep learning to detect software vulnerabilities. IEEE Trans. Dependable Secure Comput. 19, 2244\u20132258 (2022). https:\/\/doi.org\/10.1109\/TDSC.2021.3051525","journal-title":"IEEE Trans. Dependable Secure Comput."},{"key":"22_CR57","doi-asserted-by":"publisher","unstructured":"Gencer, K., Ba\u015f\u00e7ift\u00e7i, F.: Time series forecast modeling of vulnerabilities in the android operating system using ARIMA and deep learning methods. Sustain. Comput. Inform. Syst. 30 (2021). https:\/\/doi.org\/10.1016\/j.suscom.2021.100515","DOI":"10.1016\/j.suscom.2021.100515"},{"key":"22_CR58","doi-asserted-by":"publisher","unstructured":"Guo, H., Chen, S., Xing, Z., Li, X., Bai, Y., Sun, J.: Detecting and augmenting missing key aspects in vulnerability descriptions. ACM Trans. Softw. Eng. Methodol. 31 (2022). https:\/\/doi.org\/10.1145\/3498537","DOI":"10.1145\/3498537"},{"key":"22_CR59","doi-asserted-by":"publisher","unstructured":"Jiang, Y., Atif, Y.: Towards automatic discovery and assessment of vulnerability severity in cyber\u2013physical systems. Array. 15 (2022). https:\/\/doi.org\/10.1016\/j.array.2022.100209","DOI":"10.1016\/j.array.2022.100209"},{"key":"22_CR60","doi-asserted-by":"publisher","first-page":"2821","DOI":"10.1109\/TDSC.2021.3076142","volume":"19","author":"Z Li","year":"2022","unstructured":"Li, Z., Zou, D., Xu, S., Chen, Z., Zhu, Y., Jin, H.: VulDeeLocator: a deep learning-based fine-grained vulnerability detector. IEEE Trans. Dependable Secure Comput. 19, 2821\u20132837 (2022). https:\/\/doi.org\/10.1109\/TDSC.2021.3076142","journal-title":"IEEE Trans. Dependable Secure Comput."},{"key":"22_CR61","doi-asserted-by":"publisher","unstructured":"Felkner, A., et al.: Vulnerability and attack repository for IoT: addressing challenges and opportunities in Internet of Things vulnerability databases. Appl. Sci. (Switzerland) 14 (2024). https:\/\/doi.org\/10.3390\/app142210513","DOI":"10.3390\/app142210513"},{"key":"22_CR62","doi-asserted-by":"publisher","unstructured":"D\u00fcsing, J., Hermann, B.: Analyzing the direct and transitive impact of vulnerabilities onto different artifact repositories. Digital Threats Res. Pract. 3 (2022). https:\/\/doi.org\/10.1145\/3472811","DOI":"10.1145\/3472811"},{"key":"22_CR63","doi-asserted-by":"publisher","unstructured":"Feng, W., Lai, Y., Liu, Z.: Vulnerability mining for Modbus TCP based on exception field positioning. Simul. Modell. Pract. Theory 102 (2020). https:\/\/doi.org\/10.1016\/j.simpat.2019.101989","DOI":"10.1016\/j.simpat.2019.101989"},{"key":"22_CR64","doi-asserted-by":"publisher","unstructured":"Ding, S., Xu, X.: Vulnerability mining method of SOAP based on black-box fuzzing. Internet Technol. Lett. (2024). https:\/\/doi.org\/10.1002\/itl2.553","DOI":"10.1002\/itl2.553"},{"key":"22_CR65","unstructured":"OWASP Risk Rating Methodology|OWASP Foundation. https:\/\/owasp.org\/www-community\/OWASP_Risk_Rating_Methodology"},{"key":"22_CR66","unstructured":"kexugit: DREADful. https:\/\/learn.microsoft.com\/en-us\/archive\/blogs\/david_leblanc\/dreadful"},{"key":"22_CR67","unstructured":"The Open FAIRTM Body of Knowledge. www.opengroup.org, https:\/\/www.opengroup.org\/open-fair"},{"key":"22_CR68","unstructured":"What Is VPR and How Is It Different from CVSS?. https:\/\/www.tenable.com\/blog\/what-is-vpr-and-how-is-it-different-from-cvss"}],"container-title":["Communications in Computer and Information Science","Systems, Software and Services Process Improvement"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-032-04288-0_22","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,21]],"date-time":"2025-08-21T08:22:52Z","timestamp":1755764572000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-032-04288-0_22"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,8,22]]},"ISBN":["9783032042873","9783032042880"],"references-count":68,"URL":"https:\/\/doi.org\/10.1007\/978-3-032-04288-0_22","relation":{},"ISSN":["1865-0929","1865-0937"],"issn-type":[{"type":"print","value":"1865-0929"},{"type":"electronic","value":"1865-0937"}],"subject":[],"published":{"date-parts":[[2025,8,22]]},"assertion":[{"value":"22 August 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"The authors have no competing interests to declare that are relevant to the content of this article.","order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Disclosure of Interests"}},{"value":"EuroSPI","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"European Conference on Software Process Improvement","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Riga","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Latvia","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"17 September 2025","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"19 September 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"32","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"eurospi2025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/conference.eurospi.net","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}