{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,26]],"date-time":"2026-03-26T16:13:31Z","timestamp":1774541611960,"version":"3.50.1"},"publisher-location":"Cham","reference-count":33,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783319113784","type":"print"},{"value":"9783319113791","type":"electronic"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2014]]},"DOI":"10.1007\/978-3-319-11379-1_21","type":"book-chapter","created":{"date-parts":[[2014,8,20]],"date-time":"2014-08-20T03:14:54Z","timestamp":1408504494000},"page":"426-446","source":"Crossref","is-referenced-by-count":44,"title":["Some Vulnerabilities Are Different Than Others"],"prefix":"10.1007","author":[{"given":"Kartik","family":"Nayak","sequence":"first","affiliation":[]},{"given":"Daniel","family":"Marino","sequence":"additional","affiliation":[]},{"given":"Petros","family":"Efstathopoulos","sequence":"additional","affiliation":[]},{"given":"Tudor","family":"Dumitra\u015f","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"issue":"6","key":"21_CR1","doi-asserted-by":"publisher","first-page":"772","DOI":"10.1109\/TSE.2010.81","volume":"37","author":"Y. Shin","year":"2011","unstructured":"Shin, Y., Meneely, A., Williams, L., Osborne, J.A.: Evaluating complexity, code churn, and developer activity metrics as indicators of software vulnerabilities. IEEE Trans. Software Eng.\u00a037(6), 772\u2013787 (2011)","journal-title":"IEEE Trans. Software Eng."},{"key":"21_CR2","doi-asserted-by":"crossref","unstructured":"Zimmermann, T., Nagappan, N., Williams, L.A.: Searching for a needle in a haystack: Predicting security vulnerabilities for windows vista. In: ICST, pp. 421\u2013428 (2010)","DOI":"10.1109\/ICST.2010.32"},{"key":"21_CR3","unstructured":"National Vulnerability Database, http:\/\/nvd.nist.gov\/"},{"key":"21_CR4","unstructured":"Howard, M., Pincus, J., Wing, J.M.: Measuring relative attack surfaces. In: Workshop on Advanced Developments in Software and Systems Security, Taipei, Taiwan (December 2003)"},{"issue":"3","key":"21_CR5","doi-asserted-by":"publisher","first-page":"371","DOI":"10.1109\/TSE.2010.60","volume":"37","author":"P.K. Manadhata","year":"2011","unstructured":"Manadhata, P.K., Wing, J.M.: An attack surface metric. IEEE Trans. Software Eng.\u00a037(3), 371\u2013386 (2011)","journal-title":"IEEE Trans. Software Eng."},{"key":"21_CR6","unstructured":"Microsoft Corp.: Microsoft Attack Surface Analyzer - Beta, http:\/\/bit.ly\/A04NNO"},{"key":"21_CR7","unstructured":"Coverity: Coverity scan: 2011 open source integrity report (2011)"},{"key":"21_CR8","unstructured":"National Institute of Standards and Technology: National Vulnerability database, http:\/\/nvd.nist.gov"},{"key":"21_CR9","unstructured":"Microsoft Corp.: A history of Windows, http:\/\/bit.ly\/RKDHIm"},{"key":"21_CR10","unstructured":"Wikipedia: Source lines of code, http:\/\/bit.ly\/5LkKx"},{"key":"21_CR11","unstructured":"TechRepublic: Five super-secret features in Windows 7, http:\/\/tek.io\/g3rBrB"},{"issue":"1","key":"21_CR12","doi-asserted-by":"publisher","first-page":"14","DOI":"10.1109\/MSP.2005.17","volume":"3","author":"E. Rescorla","year":"2005","unstructured":"Rescorla, E.: Is finding security holes a good idea? IEEE Security & Privacy\u00a03(1), 14\u201319 (2005)","journal-title":"IEEE Security & Privacy"},{"key":"21_CR13","unstructured":"Ozment, A., Schechter, S.E.: Milk or wine: Does software security improve with age? In: Proceedings of the 15th Conference on USENIX Security Symposium, USENIX-SS 2006, vol.\u00a015. USENIX Association, Berkeley (2006)"},{"key":"21_CR14","doi-asserted-by":"crossref","first-page":"251","DOI":"10.1145\/1920261.1920299","volume-title":"Proceedings of the 26th Annual Computer Security Applications Conference, ACSAC 2010","author":"S. Clark","year":"2010","unstructured":"Clark, S., Frei, S., Blaze, M., Smith, J.: Familiarity breeds contempt: The honeymoon effect and the role of legacy code in zero-day vulnerabilities. In: Proceedings of the 26th Annual Computer Security Applications Conference, ACSAC 2010, pp. 251\u2013260. ACM, New York (2010)"},{"key":"21_CR15","doi-asserted-by":"crossref","unstructured":"Bozorgi, M., Saul, L.K., Savage, S., Voelker, G.M.: Beyond heuristics: learning to classify vulnerabilities and predict exploits. In: KDD, Washington, DC (July 2010)","DOI":"10.1145\/1835804.1835821"},{"key":"21_CR16","doi-asserted-by":"crossref","unstructured":"Quinn, S., Scarfone, K., Barrett, M., Johnson, C.: Guide to adopting and using the security content automation protocol (SCAP) version 1.0. NIST Special Publication 800-117 (July 2010)","DOI":"10.6028\/NIST.SP.800-117"},{"key":"21_CR17","unstructured":"Ransbotham, S.: An empirical analysis of exploitation attempts based on vulnerabilities in open source software (2010)"},{"key":"21_CR18","unstructured":"Kurmus, A., Tartler, R., Dorneanu, D., Heinloth, B., Rothberg, V., Ruprecht, A., Schr\u00f6der-Preikschat, W., Lohmann, D., Kapitza, R.: Attack surface metrics and automated compile-time os kernel tailoring. In: Network and Distributed System Security (NDSS) Symposium, San Diego, CA (February 2013)"},{"key":"21_CR19","doi-asserted-by":"crossref","unstructured":"Allodi, L., Massacci, F.: A preliminary analysis of vulnerability scores for attacks in wild. In: CCS BADGERS Workshop, Raleigh, NC (October 2012)","DOI":"10.1145\/2382416.2382427"},{"key":"21_CR20","unstructured":"Allodi, L.: Attacker economics for internet-scale vulnerability risk assessment. In: Proceedings of Usenix LEET Workshop (2013)"},{"key":"21_CR21","unstructured":"Symantec Corporation: A-Z listing of threats and risks, http:\/\/bit.ly\/11G7JE5"},{"key":"21_CR22","unstructured":"Symantec Corporation: Attack signatures, http:\/\/bit.ly\/xQaOQr"},{"key":"21_CR23","unstructured":"Open Sourced Vulnerability Database, http:\/\/www.osvdb.org"},{"key":"21_CR24","unstructured":"Symantec Attack Signatures, http:\/\/bit.ly\/1hCw1TL"},{"key":"21_CR25","doi-asserted-by":"publisher","first-page":"89","DOI":"10.1145\/1978672.1978683","volume-title":"Proceedings of the First Workshop on Building Analysis Datasets and Gathering Experience Returns for Security, BADGERS 2011","author":"T. Dumitras","year":"2011","unstructured":"Dumitra\u015f, T., Shou, D.: Toward a standard benchmark for computer security research: The worldwide intelligence network environment (wine). In: Proceedings of the First Workshop on Building Analysis Datasets and Gathering Experience Returns for Security, BADGERS 2011, pp. 89\u201396. ACM, New York (2011)"},{"key":"21_CR26","unstructured":"Information about Internet Explorer versions, http:\/\/bit.ly\/1oNMA97"},{"key":"21_CR27","unstructured":"National Institute of Standards and Technology: Engineering statistics handbook, http:\/\/www.itl.nist.gov\/div898\/handbook\/index.htm"},{"key":"21_CR28","doi-asserted-by":"crossref","unstructured":"Bilge, L., Dumitra\u015f, T.: Before we knew it: An empirical study of zero-day attacks in the real world. In: ACM Conference on Computer and Communications Security, Raleigh, NC, pp. 833\u2013844 (October 2012)","DOI":"10.1145\/2382196.2382284"},{"key":"21_CR29","unstructured":"Microsoft security intelligence report, vol. 16, http:\/\/download.microsoft.com\/download\/7\/2\/B\/72B5DE91-04F4-42F4-A587-9D08C55E0734\/Microsoft_Security_Intelligence_Report_Volume_16_English.pdf"},{"key":"21_CR30","unstructured":"Adobe Reader Protected Mode, http:\/\/helpx.adobe.com\/acrobat\/kb\/protected-mode-troubleshooting-reader.html"},{"key":"21_CR31","unstructured":"Krebs, B.: Crimeware author funds exploit buying spree (2013), http:\/\/bit.ly\/1mYwlUY"},{"key":"21_CR32","unstructured":"FireEye: The Dual Use Exploit: CVE-2013-3906 Used in Both Targeted Attacks and Crimeware Campaigns (2013), http:\/\/bit.ly\/R3XQQ4"},{"key":"21_CR33","unstructured":"A Note about the DHTML Editing Control in IE7+, http:\/\/blogs.msdn.com\/b\/ie\/archive\/2006\/06\/27\/648850.aspx"}],"container-title":["Lecture Notes in Computer Science","Research in Attacks, Intrusions and Defenses"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-11379-1_21","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,4,15]],"date-time":"2022-04-15T02:21:55Z","timestamp":1649989315000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-11379-1_21"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2014]]},"ISBN":["9783319113784","9783319113791"],"references-count":33,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-11379-1_21","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2014]]}}}