{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,9]],"date-time":"2025-10-09T13:20:15Z","timestamp":1760016015776,"version":"3.40.4"},"publisher-location":"Berlin, Heidelberg","reference-count":22,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783642394973"},{"type":"electronic","value":"9783642394980"}],"license":[{"start":{"date-parts":[[2013,1,1]],"date-time":"2013-01-01T00:00:00Z","timestamp":1356998400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2013,1,1]],"date-time":"2013-01-01T00:00:00Z","timestamp":1356998400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2013]]},"DOI":"10.1007\/978-3-642-39498-0_4","type":"book-chapter","created":{"date-parts":[[2013,11,28]],"date-time":"2013-11-28T13:05:32Z","timestamp":1385643932000},"page":"75-92","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":6,"title":["Software Security Economics: Theory, in Practice"],"prefix":"10.1007","author":[{"given":"Stephan","family":"Neuhaus","sequence":"first","affiliation":[]},{"given":"Bernhard","family":"Plattner","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2013,10,8]]},"reference":[{"key":"4_CR1","doi-asserted-by":"crossref","unstructured":"Baker, M.J., Eick, S.G.: Visualizing software systems. In: Proceedings of the 16th International Conference on Software Engineering, ICSE\u201994, Sorrento, pp.\u00a059\u201367 (1994)","DOI":"10.1109\/ICSE.1994.296766"},{"issue":"4","key":"4_CR2","doi-asserted-by":"publisher","first-page":"33","DOI":"10.1109\/2.488299","volume":"29","author":"T. Ball","year":"1996","unstructured":"Ball, T., Eick, S.: Software visualization in the large. Computer 29(4), 33\u201343 (1996)","journal-title":"Computer"},{"key":"4_CR3","doi-asserted-by":"crossref","unstructured":"Bird, C., Bachmann, A., Aune, E., Duffy, J., Bernstein, A., Filkov, V., Devanbu, P.: Fair and balanced? Bias in bug-fix datasets. In: Proceedings of the ESEC\/FSE\u201909, Amsterdam, pp.\u00a0121\u2013130 (2009)","DOI":"10.1145\/1595696.1595716"},{"key":"4_CR4","volume-title":"Through the Looking-Glass","author":"L. Carroll","year":"1871","unstructured":"Carroll, L.: Through the Looking-Glass. Macmillan and Co, London (1871)"},{"key":"4_CR5","doi-asserted-by":"publisher","first-page":"661","DOI":"10.1137\/070710111","volume":"51","author":"A. Clauset","year":"2009","unstructured":"Clauset, A., Shalizi, C.R., Newman, M.E.J.: Power-law distributions in empirical data. SIAM Rev. 51, 661\u2013703 (2009)","journal-title":"SIAM Rev."},{"issue":"3683","key":"4_CR6","doi-asserted-by":"publisher","first-page":"510","DOI":"10.1126\/science.149.3683.510","volume":"149","author":"D.J. de Solla Price","year":"1965","unstructured":"de Solla Price, D.J.: Networks of scientific papers. Science 149(3683), 510\u2013515 (1965)","journal-title":"Science"},{"key":"4_CR7","unstructured":"Frei, S.: Security econometrics \u2013 the dynamics of (in)security. ETH Z\u00fcrich, Dissertation 18197, ETH Zurich (2009)"},{"key":"4_CR8","doi-asserted-by":"crossref","unstructured":"Frei, S., Schatzmann, D., Plattner, B., Trammel, B.: Modelling the security ecosystem \u2013 the dynamics of (in)security. In: Anderson, R. (ed.) Workshop on the Economics of Information Security (WEIS), Cambridge (2009)","DOI":"10.1007\/978-1-4419-6967-5_6"},{"issue":"6038","key":"4_CR9","doi-asserted-by":"publisher","first-page":"81","DOI":"10.1126\/science.1205068","volume":"333","author":"N. Johnson","year":"2011","unstructured":"Johnson, N., Carran, S., Botner, J., Fontaine, K., Laxague, N., Nuetzel, P., Turnley, J., Tivnan, B.: Pattern in escalations in insurgent and terrorist activity. Science 333(6038), 81\u201384 (2011)","journal-title":"Science"},{"key":"4_CR10","doi-asserted-by":"crossref","unstructured":"Kim, S., Zimmermann, T., Pan, K., Jr., E.J.W.: Automatic identification of bug introducing changes. In: Proceedings of the 21st IEEE\/ACM International Conference on Automated Software Engineering, Tokyo, pp.\u00a081\u201390 (2006)","DOI":"10.1109\/ASE.2006.23"},{"key":"4_CR11","doi-asserted-by":"crossref","unstructured":"Maillart, T., Sornette, D., Frei, S., Duebendorfer, T., Saichev, A.: Quantification of deviations from rationality with heavy-tails in human dynamics. ArXiv e-prints (2010)","DOI":"10.1103\/PhysRevE.83.056101"},{"key":"4_CR12","doi-asserted-by":"crossref","unstructured":"Massacci, F., Nguyen, V.H.: Which is the right source for vulnerability studies? An empirical analysis on Mozilla Firefox. In: Proceedings of the 6th International Workshop on Security Measurements and Metrics, MetriSec\u201910, Bolzano, pp.\u00a04:1\u20134:8 (2010)","DOI":"10.1145\/1853919.1853925"},{"key":"4_CR13","doi-asserted-by":"publisher","first-page":"195","DOI":"10.1007\/978-3-642-19125-1_15","volume":"6542","author":"F. Massacci","year":"2011","unstructured":"Massacci, F., Neuhaus, S., Nguyen, V.H.: After-life vulnerabilities: a study on Firefox evolution, its vulnerabilities, and fixes. In: Proceedings of the ESSoS\u201911, Madrid. Lecture Notes in Computer Science, vol.\u00a06542, pp.\u00a0195\u2013208 (2011)","journal-title":"Lecture Notes in Computer Science"},{"key":"4_CR14","unstructured":"Mozilla Foundation: Mozilla-Announce mailing list. https:\/\/lists.mozilla.org\/listinfo\/announce (2012)"},{"key":"4_CR15","doi-asserted-by":"crossref","unstructured":"Neuhaus, S., Zimmermann, T., Holler, C., Zeller, A.: Predicting vulnerable software components. In: Proceedings of the 14th ACM Conference on Computer and Communications Security, Alexandria, pp.\u00a0529\u2013540 (2007)","DOI":"10.1145\/1315245.1315311"},{"key":"4_CR16","unstructured":"Ozment, A., Schechter, S.E.: Milk or wine: does software security improve with age? In: Proceedings of the 15th Usenix Security Symposium, Vancouver, pp.\u00a093\u2013104 (2006)"},{"key":"4_CR17","doi-asserted-by":"publisher","first-page":"345","DOI":"10.1002\/(SICI)1097-024X(19990410)29:4<345::AID-SPE238>3.0.CO;2-C","volume":"29","author":"G. Phipps","year":"1999","unstructured":"Phipps, G.: Comparing observed bug and productivity rates for Java and C++. Softw. Pract. Exp. 29, 345\u2013358 (1999)","journal-title":"Softw. Pract. Exp."},{"issue":"1","key":"4_CR18","doi-asserted-by":"publisher","first-page":"14","DOI":"10.1109\/MSP.2005.17","volume":"3","author":"E. Rescorla","year":"2005","unstructured":"Rescorla, E.: Is finding security holes a good idea? IEEE Secur. Priv. 3(1), 14\u201319 (2005)","journal-title":"IEEE Secur. Priv."},{"issue":"8","key":"4_CR19","doi-asserted-by":"publisher","first-page":"1805","DOI":"10.1214\/aos\/1069362376","volume":"25","author":"S.I. Resnick","year":"1997","unstructured":"Resnick, S.I.: Heavy tail modeling and teletraffic data. Ann. Stat. 25(8), 1805\u20131869 (1997)","journal-title":"Ann. Stat."},{"key":"4_CR20","doi-asserted-by":"publisher","first-page":"52","DOI":"10.1109\/MSP.2009.98","volume":"7","author":"R. Rue","year":"2009","unstructured":"Rue, R., Pfleeger, S.L.: Making the best use of cybersecurity economic models. IEEE Secur. Priv. 7, 52\u201360 (2009)","journal-title":"IEEE Secur. Priv."},{"issue":"5","key":"4_CR21","doi-asserted-by":"publisher","first-page":"130","DOI":"10.1145\/1941487.1941516","volume":"54","author":"G. Schryen","year":"2011","unstructured":"Schryen, G.: Is open source security a myth? What does vulnerability and patch data say? Commun. ACM 54(5), 130\u2013140 (2011)","journal-title":"Commun. ACM"},{"key":"4_CR22","doi-asserted-by":"crossref","unstructured":"S\u0142iwerski, J., Zimmermann, T., Zeller, A.: When do changes induce fixes? In: Proceedings of the Second International Workshop on Mining Software Repositories, St. Louis, pp.\u00a024\u201328 (2005)","DOI":"10.1145\/1083142.1083147"}],"container-title":["The Economics of Information Security and Privacy"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-39498-0_4","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,5,1]],"date-time":"2025-05-01T00:15:11Z","timestamp":1746058511000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-642-39498-0_4"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2013]]},"ISBN":["9783642394973","9783642394980"],"references-count":22,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-39498-0_4","relation":{},"subject":[],"published":{"date-parts":[[2013]]},"assertion":[{"value":"8 October 2013","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}}]}}