{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,25]],"date-time":"2025-03-25T20:28:38Z","timestamp":1742934518257,"version":"3.40.3"},"publisher-location":"Cham","reference-count":29,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319395630"},{"type":"electronic","value":"9783319395647"}],"license":[{"start":{"date-parts":[[2016,1,1]],"date-time":"2016-01-01T00:00:00Z","timestamp":1451606400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2016,1,1]],"date-time":"2016-01-01T00:00:00Z","timestamp":1451606400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2016]]},"DOI":"10.1007\/978-3-319-39564-7_20","type":"book-chapter","created":{"date-parts":[[2016,6,6]],"date-time":"2016-06-06T07:27:56Z","timestamp":1465198076000},"page":"207-218","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":3,"title":["Software Vulnerability Life Cycles and the Age of Software Products: An Empirical Assertion with Operating System Products"],"prefix":"10.1007","author":[{"given":"Jukka","family":"Ruohonen","sequence":"first","affiliation":[]},{"given":"Sami","family":"Hyrynsalmi","sequence":"additional","affiliation":[]},{"given":"Ville","family":"Lepp\u00e4nen","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2016,6,7]]},"reference":[{"issue":"1","key":"20_CR1","doi-asserted-by":"publisher","first-page":"1:1","DOI":"10.1145\/2630069","volume":"17","author":"L Allodi","year":"2014","unstructured":"Allodi, L., Massacci, F.: Comparing vulnerability severity and exploits using case-control studies. ACM Trans. Inf. Syst. Secur. 17(1), 1:1\u20131:20 (2014)","journal-title":"ACM Trans. Inf. Syst. Secur."},{"issue":"12","key":"20_CR2","first-page":"52","volume":"32","author":"WA Arbaugh","year":"2000","unstructured":"Arbaugh, W.A., Fithen, W.L., McHugh, J.: Window of vulnerability: a case study analysis. Computer 32(12), 52\u201359 (2000)","journal-title":"Computer"},{"issue":"2","key":"20_CR3","doi-asserted-by":"publisher","first-page":"164","DOI":"10.1016\/j.infoecopol.2009.10.002","volume":"22","author":"A Arora","year":"2010","unstructured":"Arora, A., Forman, C., Nandkumar, A., Telang, R.: Competition and patching of security vulnerabilities: an empirical analysis. Inf. Econ. Policy 22(2), 164\u2013177 (2010)","journal-title":"Inf. Econ. Policy"},{"key":"20_CR4","unstructured":"Canonical Ltd.: Releases (2015). https:\/\/wiki.ubuntu.com\/Releases. July 2015"},{"key":"20_CR5","unstructured":"Canonical Ltd.: Ubuntu Security Notices (2015). http:\/\/www.ubuntu.com\/usn\/. March 2015"},{"issue":"3","key":"20_CR6","doi-asserted-by":"publisher","first-page":"171","DOI":"10.1109\/TSE.2007.26","volume":"33","author":"H Cavusoglu","year":"2007","unstructured":"Cavusoglu, H., Cavusoglu, H., Raghunathan, R.: Efficiency of vulnerability disclosure mechanisms to disseminate vulnerability knowledge. IEEE Trans. Softw. Eng. 33(3), 171\u2013185 (2007)","journal-title":"IEEE Trans. Softw. Eng."},{"key":"20_CR7","doi-asserted-by":"crossref","unstructured":"Clark, S., Collis, M., Smith, J.M., Blaze, M.: Moving targets: security and rapid-release in Firefox. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security (CCS 2014), pp. 1256\u20131266. ACM, Scottsdale (2014)","DOI":"10.1145\/2660267.2660320"},{"key":"20_CR8","doi-asserted-by":"crossref","unstructured":"Clark, S., Frei, S., Blaze, M., Smith, J.: Familiarity breeds contempt: the honeymoon effect and the role of legacy code in zero-day vulnerabilities. In: Proceedings of the 26th Annual Computer Security Applications Conference (ASAC 2010), pp. 251\u2013260. ACM, Austin, Texas (2010)","DOI":"10.1145\/1920261.1920299"},{"issue":"2","key":"20_CR9","doi-asserted-by":"publisher","first-page":"336","DOI":"10.1007\/s10664-014-9308-x","volume":"20","author":"F Khomh","year":"2015","unstructured":"Khomh, F., Adams, B., Dhaliwal, T., Zou, Y.: Understanding the impact of rapid releases on software quality: the case of Firefox. Empir. Softw. Eng. 20(2), 336\u2013373 (2015)","journal-title":"Empir. Softw. Eng."},{"key":"20_CR10","volume-title":"Applied Econometrics with R","author":"C Kleiber","year":"2010","unstructured":"Kleiber, C., Zeileis, A.: Applied Econometrics with R. Springer, Berlin (2010)"},{"issue":"5","key":"20_CR11","doi-asserted-by":"publisher","first-page":"531","DOI":"10.1007\/s10796-007-9047-2","volume":"9","author":"P Li","year":"2007","unstructured":"Li, P., Rao, R.: An examination of private intermediaries\u2019 roles in software vulnerability disclosure. Inf. Syst. Front. 9(5), 531\u2013539 (2007)","journal-title":"Inf. Syst. Front."},{"issue":"5","key":"20_CR12","doi-asserted-by":"publisher","first-page":"1384","DOI":"10.1007\/s10664-014-9338-4","volume":"20","author":"MV M\u00e4ntyl\u00e4","year":"2014","unstructured":"M\u00e4ntyl\u00e4, M.V., Adams, B., Khomh, F., Engstr\u00f6m, E., Petersen, K.: On rapid releases and software testing: a case study and a semi-systematic literature review. Empir. Softw. Eng. 20(5), 1384\u20131425 (2014)","journal-title":"Empir. Softw. Eng."},{"key":"20_CR13","doi-asserted-by":"crossref","unstructured":"Marconato, G.V., Nicomette, V., Ka\u00e2niche, M.: Security-related vulnerability life cycle analysis. In: Proceedings of the 7th International Conference on Risk and Security of Internet and Systems (CRiSIS 2012), pp. 1\u20138. IEEE, Cork (2012)","DOI":"10.1109\/CRISIS.2012.6378954"},{"key":"20_CR14","doi-asserted-by":"crossref","unstructured":"Massacci, F., Nguyen, V.H.: Which is the right source for vulnerability studies? an empirical analysis on Mozilla Firefox. In: Proceedings of the 6th International Workshop on Security Measurements and Metrics (MetriSec 2010), pp. 4:1\u20134:8. ACM, Bolzano (2010)","DOI":"10.1145\/1853919.1853925"},{"key":"20_CR15","unstructured":"Microsoft Inc.: Microsoft Security Bulletin Data (2015). http:\/\/www.microsoft.com\/en-us\/download\/details.aspx?id=36982. July 2015"},{"key":"20_CR16","unstructured":"Microsoft Inc.: Windows Life Cycle Fact Sheet (2015). http:\/\/windows.microsoft.com\/en-us\/windows\/lifecycle. July 2015"},{"issue":"3","key":"20_CR17","doi-asserted-by":"publisher","first-page":"703","DOI":"10.2307\/1913610","volume":"55","author":"WK Newey","year":"1987","unstructured":"Newey, W.K., West, K.D.: A simple, positive-definite, heteroskedasticity and autocorrelation consistent covariance matrix. Econometrica 55(3), 703\u2013708 (1987)","journal-title":"Econometrica"},{"key":"20_CR18","doi-asserted-by":"crossref","unstructured":"Nguyen, V.H., Massacci, F.: The (un)reliability of NVD vulnerability versions data: an empirical experiment on Google chrome vulnerabilities. In: Proceedings of the 8th ACM SIGSAC Symposium on Information, Computer and Communications Security (ASIACCS 2013), pp. 493\u2013498. ACM (2013)","DOI":"10.1145\/2484313.2484377"},{"key":"20_CR19","unstructured":"NIST: NVD Data Feed and Product Integration (2015), National Institute of Standards and Technology (NIST), Annually Archived CVE Vulnerability Feeds: Security Related Software Flaws, NVD\/CVE XML Feed with CVSS and CPE Mappings (Version 2.0). https:\/\/nvd.nist.gov\/download.cfm. June 2015"},{"key":"20_CR20","unstructured":"Novell Inc. and others.: openSUSE: Lifetime (2015). https:\/\/en.opensuse.org\/Lifetime. July 2015"},{"key":"20_CR21","unstructured":"Novell Inc. and others: openSUSE: Roadmap (2015). https:\/\/en.opensuse.org\/openSUSE:Roadmap. July 2015"},{"key":"20_CR22","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.cose.2015.07.001","volume":"55","author":"J Ruohonen","year":"2015","unstructured":"Ruohonen, J., Hyrynsalmi, S., Lepp\u00e4nen, V.: The sigmoidal growth of operating system security vulnerabilities: an empirical revisit. Comput. Secur. 55, 1\u201320 (2015)","journal-title":"Comput. Secur."},{"issue":"5","key":"20_CR23","doi-asserted-by":"publisher","first-page":"130","DOI":"10.1145\/1941487.1941516","volume":"54","author":"G Schryen","year":"2011","unstructured":"Schryen, G.: Is open source security a Myth? Commun. ACM 54(5), 130\u2013140 (2011)","journal-title":"Commun. ACM"},{"key":"20_CR24","doi-asserted-by":"crossref","unstructured":"Shahzad, M., Shafiq, M.Z., Liu, A.X.: A large scale exploratory analysis of software vulnerability life cycles. In: Proceedings of the 34th International Conference on Software Engineering (ICSE 2012), pp. 771\u2013781. IEEE, Zurich (2012)","DOI":"10.1109\/ICSE.2012.6227141"},{"key":"20_CR25","unstructured":"SUSE LLC: Published SUSE Linux Security Updates by CVE Number (2015). https:\/\/www.suse.com\/security\/cve\/. June 2015"},{"issue":"4","key":"20_CR26","doi-asserted-by":"publisher","first-page":"305","DOI":"10.2753\/MIS0742-1222280411","volume":"28","author":"O Temizkan","year":"2012","unstructured":"Temizkan, O., Kumar, R.L., Park, S., Subramaniam, C.: Patch release behaviors of software vendors in response to vulnerabilities: an empirical analysis. J. Manag. Inf. Syst. 28(4), 305\u2013337 (2012)","journal-title":"J. Manag. Inf. Syst."},{"key":"20_CR27","doi-asserted-by":"crossref","unstructured":"Vache, G.: Vulnerability analysis for a quantitative security evaluation. In: Proceedings of the 2009 3rd International Symposium on Empirical Software Engineering and Measurement (ESEM 2009), pp. 526\u2013534. IEEE, Orlando (2009)","DOI":"10.1109\/ESEM.2009.5315969"},{"issue":"10","key":"20_CR28","doi-asserted-by":"publisher","first-page":"1","DOI":"10.18637\/jss.v011.i10","volume":"11","author":"A Zeileis","year":"2004","unstructured":"Zeileis, A.: Econometric computing with HC and HAC covariance matrix estimators. J. Stat. Softw. 11(10), 1\u201317 (2004)","journal-title":"J. Stat. Softw."},{"issue":"3","key":"20_CR29","first-page":"7","volume":"2","author":"A Zeileis","year":"2002","unstructured":"Zeileis, A., Hothorn, T.: Diagnostic checking in regression relationships. R News 2(3), 7\u201310 (2002)","journal-title":"R News"}],"container-title":["Lecture Notes in Business Information Processing","Advanced Information Systems Engineering Workshops"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-39564-7_20","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,6,7]],"date-time":"2021-06-07T00:07:26Z","timestamp":1623024446000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-319-39564-7_20"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016]]},"ISBN":["9783319395630","9783319395647"],"references-count":29,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-39564-7_20","relation":{},"ISSN":["1865-1348","1865-1356"],"issn-type":[{"type":"print","value":"1865-1348"},{"type":"electronic","value":"1865-1356"}],"subject":[],"published":{"date-parts":[[2016]]},"assertion":[{"value":"7 June 2016","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"CAiSE","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Advanced Information Systems Engineering","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Ljubljana","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Slovenia","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2016","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"13 June 2016","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"14 June 2016","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"28","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"caise2016","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}