{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,23]],"date-time":"2025-12-23T15:37:25Z","timestamp":1766504245656,"version":"3.40.3"},"publisher-location":"Cham","reference-count":31,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319543277"},{"type":"electronic","value":"9783319543284"}],"license":[{"start":{"date-parts":[[2017,1,1]],"date-time":"2017-01-01T00:00:00Z","timestamp":1483228800000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2017]]},"DOI":"10.1007\/978-3-319-54328-4_9","type":"book-chapter","created":{"date-parts":[[2017,2,16]],"date-time":"2017-02-16T11:01:47Z","timestamp":1487242907000},"page":"113-125","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":11,"title":["Patch Me If You Can: A Study on the Effects of Individual User Behavior on the End-Host Vulnerability State"],"prefix":"10.1007","author":[{"given":"Armin","family":"Sarabi","sequence":"first","affiliation":[]},{"given":"Ziyun","family":"Zhu","sequence":"additional","affiliation":[]},{"given":"Chaowei","family":"Xiao","sequence":"additional","affiliation":[]},{"given":"Mingyan","family":"Liu","sequence":"additional","affiliation":[]},{"given":"Tudor","family":"Dumitra\u015f","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2017,2,17]]},"reference":[{"unstructured":"Abdi, H.: Bonferroni and \u0160id\u00e1k corrections for multiple comparisons. Sage (2007)","key":"9_CR1"},{"unstructured":"Alhazmi, O., Malaiya, Y.: Modeling the vulnerability discovery process. In: International Symposium on Software Reliability Engineering (2005)","key":"9_CR2"},{"issue":"3","key":"9_CR3","doi-asserted-by":"publisher","first-page":"219","DOI":"10.1016\/j.cose.2006.10.002","volume":"26","author":"O Alhazmi","year":"2007","unstructured":"Alhazmi, O., Malaiya, Y., Ray, I.: Measuring, analyzing and predicting security vulnerabilities in software systems. Comput. Secur. 26(3), 219\u2013228 (2007)","journal-title":"Comput. Secur."},{"issue":"12","key":"9_CR4","doi-asserted-by":"publisher","first-page":"52","DOI":"10.1109\/2.889093","volume":"33","author":"W Arbaugh","year":"2000","unstructured":"Arbaugh, W., Fithen, W., McHugh, J.: Windows of vulnerability: a case study analysis. IEEE Comput. 33(12), 52\u201359 (2000)","journal-title":"IEEE Comput."},{"unstructured":"Arora, A., Krishnan, R., Nandkumar, A., Telang, R., Yang, Y.: Impact of vulnerability disclosure and patch availability - an empirical analysis. In: Workshop on the Economics of Information Security (2004)","key":"9_CR5"},{"doi-asserted-by":"crossref","unstructured":"Bilge, L., Dumitra\u015f, T.: Before we knew it: an empirical study of zero-day attacks in the real world. In: ACM Conference on Computer and Communications Security (2012)","key":"9_CR6","DOI":"10.1145\/2382196.2382284"},{"unstructured":"Cavusoglu, H., Cavusoglu, H., Raghunathan, S.: Emerging issues in responsible vulnerability disclosure. In: Workshop on Information Technology and Systems (2004)","key":"9_CR7"},{"doi-asserted-by":"crossref","unstructured":"Clark, S., Collis, M., Blaze, M., Smith, J.: Moving targets: security and rapid-release in Firefox. In: ACM SIGSAC Conference on Computer and Communications Security (2014)","key":"9_CR8","DOI":"10.1145\/2660267.2660320"},{"key":"9_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"124","DOI":"10.1007\/978-3-642-14379-3_11","volume-title":"Critical Information Infrastructures Security","author":"T Duebendorfer","year":"2010","unstructured":"Duebendorfer, T., Frei, S.: Web browser security update effectiveness. In: Rome, E., Bloomfield, R. (eds.) CRITIS 2009. LNCS, vol. 6027, pp. 124\u2013137. Springer, Heidelberg (2010). doi:10.1007\/978-3-642-14379-3_11"},{"doi-asserted-by":"crossref","unstructured":"Dumitra\u015f, T., Shou, D.: Toward a standard benchmark for computer security research: the worldwide intelligence network environment (WINE). In: Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (2011)","key":"9_CR10","DOI":"10.1145\/1978672.1978683"},{"doi-asserted-by":"crossref","unstructured":"Durumeric, Z., Kasten, J., Adrian, D., Halderman, J.A., Bailey, M., et al.: The matter of heartbleed. In: Internet Measurement Conference (2014)","key":"9_CR11","DOI":"10.1145\/2663716.2663755"},{"unstructured":"Exploit kits. http:\/\/contagiodump.blogspot.com","key":"9_CR12"},{"doi-asserted-by":"crossref","unstructured":"Gkantsidis, C., Karagiannis, T., Rodriguez, P., Vojnovic, M.: Planet scale software updates. In: ACM SIGCOMM Computer Communication Review (2006)","key":"9_CR13","DOI":"10.1145\/1159913.1159961"},{"doi-asserted-by":"crossref","unstructured":"Grier, C., Ballard, L., Caballero, J., Chachra, N., Dietrich, C., et al.: Manufacturing compromise: the emergence of exploit-as-a-service. In: ACM Conference on Computer and Communications Security (2012)","key":"9_CR14","DOI":"10.1145\/2382196.2382283"},{"unstructured":"Mathur, A., Engel, J., Sobti, S., Chang, V., Chetty, M.: \u201cThey keep coming back like zombies\u201d: improving software updating interfaces. In: Symposium on Usable Privacy and Security (2016)","key":"9_CR15"},{"issue":"4","key":"9_CR16","first-page":"70","volume":"140","author":"D Mulligan","year":"2011","unstructured":"Mulligan, D., Schneider, F.: Doctrine for cybersecurity. Daedalus, J. Am. Acad. Arts Sci. 140(4), 70\u201392 (2011)","journal-title":"Daedalus, J. Am. Acad. Arts Sci."},{"doi-asserted-by":"crossref","unstructured":"Nappa, A., Johnson, R., Bilge, L., Caballero, J., Dumitra\u015f, T.: The attack of the clones: a study of the impact of shared code on vulnerability patching. In: IEEE Symposium on Security and Privacy (2015)","key":"9_CR17","DOI":"10.1109\/SP.2015.48"},{"doi-asserted-by":"crossref","unstructured":"Neuhaus, S., Zimmermann, T., Holler, C., Zeller, A.: Predicting vulnerable software components. In: ACM Conference on Computer and Communications Security (2007)","key":"9_CR18","DOI":"10.1145\/1315245.1315311"},{"unstructured":"NIST: National Vulnerability Database. https:\/\/nvd.nist.gov","key":"9_CR19"},{"unstructured":"Ozment, A., Schechter, S.: Milk or wine: does software security improve with age? In: USENIX Security Symposium (2006)","key":"9_CR20"},{"unstructured":"Ramos, T.: The laws of vulnerabilities. In: RSA Conference (2006)","key":"9_CR21"},{"doi-asserted-by":"crossref","unstructured":"Rescorla, E.: Is finding security holes a good idea? In: IEEE Security and Privacy (2005)","key":"9_CR22","DOI":"10.1109\/MSP.2005.17"},{"unstructured":"Rescorla, E.: Security holes.. who cares. In: USENIX Security Symposium (2003)","key":"9_CR23"},{"unstructured":"Sabottke, C., Suciu, O., Dumitra\u015f, T.: Vulnerability disclosure in the age of social media: exploiting Twitter for predicting real-world exploits. In: USENIX Security Symposium (2015)","key":"9_CR24"},{"doi-asserted-by":"crossref","unstructured":"Shahzad, M., Shafiq, M., Liu, A.: A large scale exploratory analysis of software vulnerability life cycles. In: International Conference on Software Engineering (2012)","key":"9_CR25","DOI":"10.1109\/ICSE.2012.6227141"},{"unstructured":"Shankland, S.: Heartbleed bug undoes web encryption, reveals Yahoo passwords (2014). http:\/\/www.cnet.com\/news\/heartbleed-bug-undoes-web-encryption-reveals-user-passwords","key":"9_CR26"},{"unstructured":"Software release dates. http:\/\/bit.ly\/2jKrMPj","key":"9_CR27"},{"unstructured":"Symantec Corporation: Symantec threat explorer (2012). http:\/\/www.symantec.com\/security_response\/threatexplorer\/azlisting.jsp","key":"9_CR28"},{"doi-asserted-by":"crossref","unstructured":"Vaniea, K., Rader, E., Wash, R.: Betrayed by updates: how negative experiences affect future security. In: ACM Conference on Human Factors in Computing (2014)","key":"9_CR29","DOI":"10.1145\/2556288.2557275"},{"doi-asserted-by":"crossref","unstructured":"Yilek, S., Rescorla, E., Shacham, H., Enright, B., Savage, S.: When private keys are public: results from the 2008 Debian OpenSSL vulnerability. In: Internet Measurement Conference (2009)","key":"9_CR30","DOI":"10.1145\/1644893.1644896"},{"doi-asserted-by":"crossref","unstructured":"Zhang, L., Choffnes, D., Dumitra\u015f, T., Levin, D., Mislove, A., et al.: Analysis of SSL certificate reissues and revocations in the wake of Heartbleed. In: Internet Measurement Conference (2014)","key":"9_CR31","DOI":"10.1145\/2663716.2663758"}],"container-title":["Lecture Notes in Computer Science","Passive and Active Measurement"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-54328-4_9","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,3,7]],"date-time":"2024-03-07T17:00:53Z","timestamp":1709830853000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-319-54328-4_9"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017]]},"ISBN":["9783319543277","9783319543284"],"references-count":31,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-54328-4_9","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2017]]},"assertion":[{"value":"17 February 2017","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"PAM","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Passive and Active Network Measurement","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Sydney","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Australia","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2017","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"30 March 2017","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"31 March 2017","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"18","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"pam2017","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/research.csiro.au\/pam2017\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}