{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,18]],"date-time":"2026-01-18T02:25:28Z","timestamp":1768703128893,"version":"3.49.0"},"publisher-location":"Cham","reference-count":25,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783319336299","type":"print"},{"value":"9783319336305","type":"electronic"}],"license":[{"start":{"date-parts":[[2016,1,1]],"date-time":"2016-01-01T00:00:00Z","timestamp":1451606400000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2016,1,1]],"date-time":"2016-01-01T00:00:00Z","timestamp":1451606400000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2016]]},"DOI":"10.1007\/978-3-319-33630-5_5","type":"book-chapter","created":{"date-parts":[[2016,5,10]],"date-time":"2016-05-10T08:10:12Z","timestamp":1462867812000},"page":"62-75","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":8,"title":["Evaluating CVSS Base Score Using Vulnerability Rewards Programs"],"prefix":"10.1007","author":[{"given":"Awad","family":"Younis","sequence":"first","affiliation":[]},{"given":"Yashwant K.","family":"Malaiya","sequence":"additional","affiliation":[]},{"given":"Indrajit","family":"Ray","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2016,5,11]]},"reference":[{"key":"5_CR1","unstructured":"Mell, P., Scarfone, K., Romanosky, S.: A complete guide to the common vulnerability scoring system version 2.0, p. 123. Published by FIRST-Forum of Incident Response and Security Teams (2007)"},{"key":"5_CR2","unstructured":"Defense in Depth. \n                    http:\/\/www.nsa.gov\/ia\/_files\/support\/defenseindepth.pdf\n                    \n                  . Accessed on 08 January 2016"},{"key":"5_CR3","unstructured":"Pescatore, J.: Application Security: Tools for Getting Management Support and Funding. White Paper, SANS Institute (2013)"},{"key":"5_CR4","unstructured":"Finifter, M., Devdatta, A., David, W.: An empirical study of vulnerability rewards programs. In: Proceedings of the 22nd USENIX Security Symposium, Washington, pp. 273\u2013288 (2013)"},{"key":"5_CR5","unstructured":"Reading, D.: Connecting The Information Security Community. \n                    http:\/\/www.darkreading.com\/coordinated-disclosure-bug-bounties-help-speed-patches\/d\/d-id\/1139551"},{"key":"5_CR6","unstructured":"The Mozilla Security Bug Bounty Program. \n                    https:\/\/www.mozilla.org\/en-US\/security\/bug-bounty\/\n                    \n                  . Accessed on 08 January 2016"},{"key":"5_CR7","unstructured":"Chrome Reward Program Rules. \n                    https:\/\/www.google.com\/about\/appsecurity\/chrome-rewards\/index.html\n                    \n                  . Accessed on 08 January 2016"},{"key":"5_CR8","unstructured":"Security Severity Ratings. \n                    https:\/\/wiki.mozilla.org"},{"key":"5_CR9","unstructured":"Severity Guidelines for Security Issues. \n                    https:\/\/www.chromium.org\/developers\/severity-guidelines\n                    \n                  . Accessed on 08 January 2016"},{"key":"5_CR10","doi-asserted-by":"crossref","unstructured":"Younis, A.A., Malaiya, Y.K.: Comparing and evaluating CVSS base metrics and microsoft rating system. In: The 2015 IEEE International Conference on Software Quality, Reliability and Security, Vancouver, BC, pp. 252\u2013261 (2015)","DOI":"10.1109\/QRS.2015.44"},{"issue":"1","key":"5_CR11","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/2630069","volume":"17","author":"L Allodi","year":"2014","unstructured":"Allodi, L., Massacci, F.: Comparing vulnerability severity and exploits using case-control studies. J. Tra. Info. Syst. Secu. 17(1), 1\u201320 (2014)","journal-title":"J. Tra. Info. Syst. Secu."},{"key":"5_CR12","unstructured":"Miller, M., Burrell, T., Howard, M.: Mitigating Software Vulnerabilities. Technical report, Microsoft Security Engineering Center (2011)"},{"key":"5_CR13","unstructured":"Nagaraju, S.S., Craioveanu, G., Florio, E.: Software Vulnerability Exploitation Trends. Technical Report, Microsoft Trustworthy Computing Security (2013)"},{"key":"5_CR14","doi-asserted-by":"crossref","unstructured":"Bozorgi, M., Saul, L.K., Savage, S., Voelker, G.M.: Beyond heuristics: learning to classify vulnerabilities and predict exploits. In: Proceedings of the 16th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, New York, pp. 105\u2013114 (2010)","DOI":"10.1145\/1835804.1835821"},{"key":"5_CR15","unstructured":"National Vulnerability Database. \n                    https:\/\/nvd.nist.gov\/\n                    \n                  . Accessed on 08 January 2016"},{"key":"5_CR16","unstructured":"Exploit Database. \n                    https:\/\/www.exploit-db.com\/\n                    \n                  . Accessed on 08 January 2016"},{"key":"5_CR17","unstructured":"Security Advisories for Firefox. \n                    https:\/\/www.mozilla.org\/en-US\/security\/known-vulnerabilities\/firefox\/\n                    \n                  . Accessed on 08 January 2016"},{"key":"5_CR18","unstructured":"Chromium. \n                    https:\/\/code.google.com\/p\/chromium\/issues\/list\n                    \n                  . Accessed on 08 January 2016"},{"key":"5_CR19","unstructured":"Common Weakness Enumeration (CWE). \n                    http:\/\/cwe.mitre.org\/\n                    \n                  . Accessed on 08 January 2016"},{"key":"5_CR20","unstructured":"Mozilla Bugzilla. \n                    https:\/\/bugzilla.mozilla.org\/\n                    \n                  . Accessed on 08 January 2016"},{"key":"5_CR21","unstructured":"Common Vulnerability Scoring System, V3 Development Update. \n                    https:\/\/www.first.org\/cvss\n                    \n                  . Accessed on 08 January 2016"},{"key":"5_CR22","unstructured":"Point-Biserial. \n                    https:\/\/www.andrews.edu\/~calkins\/math\/edrm611\/edrm13.htm\n                    \n                  . Accessed on 08 January 2016"},{"key":"5_CR23","unstructured":"R: A Language and Environment for Statistical Computing. \n                    https:\/\/www.r-project.org\/"},{"key":"5_CR24","unstructured":"Common Weakness Scoring System. \n                    https:\/\/cwe.mitre.org\/cwss\/cwss_v1.0.1.html\n                    \n                  . Accessed on 08 January 2016"},{"key":"5_CR25","unstructured":"Using Exploitability Index. \n                    https:\/\/technet.microsoft.com\/en-us\/security\/ff943560.aspx\n                    \n                  . Accessed on 08 January 2016"}],"container-title":["IFIP Advances in Information and Communication Technology","ICT Systems Security and Privacy Protection"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-33630-5_5","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,5,13]],"date-time":"2020-05-13T00:02:38Z","timestamp":1589328158000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-33630-5_5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016]]},"ISBN":["9783319336299","9783319336305"],"references-count":25,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-33630-5_5","relation":{},"ISSN":["1868-4238","1868-422X"],"issn-type":[{"value":"1868-4238","type":"print"},{"value":"1868-422X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2016]]},"assertion":[{"value":"11 May 2016","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}