{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,28]],"date-time":"2025-03-28T08:34:04Z","timestamp":1743150844909,"version":"3.40.3"},"publisher-location":"Singapore","reference-count":23,"publisher":"Springer Nature Singapore","isbn-type":[{"type":"print","value":"9789819980239"},{"type":"electronic","value":"9789819980246"}],"license":[{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2024]]},"DOI":"10.1007\/978-981-99-8024-6_12","type":"book-chapter","created":{"date-parts":[[2024,1,10]],"date-time":"2024-01-10T05:02:11Z","timestamp":1704862931000},"page":"143-156","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["Security Risk Indicator for\u00a0Open Source Software to\u00a0Measure Software Development Status"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-2686-2541","authenticated-orcid":false,"given":"Hiroki","family":"Kuzuno","sequence":"first","affiliation":[]},{"given":"Tomohiko","family":"Yano","sequence":"additional","affiliation":[]},{"given":"Kazuki","family":"Omo","sequence":"additional","affiliation":[]},{"given":"Jeroen","family":"van der Ham","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6226-5715","authenticated-orcid":false,"given":"Toshihiro","family":"Yamauchi","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2024,1,11]]},"reference":[{"key":"12_CR1","doi-asserted-by":"crossref","unstructured":"Ladisa, P., Plate, H., Martines, M., Barais, O.: SoK: taxonomy of attacks on open-source software supply chains. In: Proceedings of 2023 IEEE Symposium on Security and Privacy, pp. 1509\u20131526. IEEE (2023). https:\/\/doi.ieeecomputersociety.org\/10.1109\/SP46215.2023.00010","DOI":"10.1109\/SP46215.2023.10179304"},{"key":"12_CR2","doi-asserted-by":"publisher","unstructured":"Allodi, L.: Economic factors of vulnerability trade and exploitation. In: Proceedings of the 24th ACM SIGSAC Conference on Computer and Communications Security, pp. 1483\u20131499. ACM (2017). https:\/\/doi.org\/10.1145\/3133956.3133960","DOI":"10.1145\/3133956.3133960"},{"issue":"8","key":"12_CR3","doi-asserted-by":"publisher","first-page":"1606","DOI":"10.1111\/risa.12864","volume":"37","author":"L Allodi","year":"2017","unstructured":"Allodi, L., Massacci, F.: Security events and vulnerability data for cybersecurity risk estimation. Risk Anal. 37(8), 1606\u20131627 (2017). https:\/\/doi.org\/10.1111\/risa.12864","journal-title":"Risk Anal."},{"key":"12_CR4","doi-asserted-by":"publisher","unstructured":"Nikonov, A., Vulfin, A., Vasilyev, V., Kirillova, A., Mikhailov, V.: System for estimation CVSS severity metrics of vulnerability based on text mining technology. In: Proceedings of the 2021 Information Technology and Nanotechnology, pp. 1\u20135. IEEE (2021) https:\/\/doi.org\/10.1109\/ITNT52450.2021.9649232","DOI":"10.1109\/ITNT52450.2021.9649232"},{"key":"12_CR5","unstructured":"Householder, D, A., Chrabaszcz, J., Warren, D., Spring, M, J.: Historical analysis of exploit availability timelines. In: Proceedings of the 13th USENIX Workshop on Cyber Security Experimentation and Test, USENIX (2020)"},{"key":"12_CR6","doi-asserted-by":"publisher","unstructured":"Jacobs, J., Romanosky, S., Adjerid, I., Baker, W.: Improving vulnerability remediation through better exploit prediction. J. Cybersecurity 6(1) (2020). https:\/\/doi.org\/10.1093\/cybsec\/tyaa015","DOI":"10.1093\/cybsec\/tyaa015"},{"issue":"3","key":"12_CR7","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3436242","volume":"2","author":"J Jacobs","year":"2021","unstructured":"Jacobs, J., Romanosky, S., Edwards, B., Adjerid, I., Roytman, M.: Exploit prediction scoring system. Digital Threats Res. Pract. 2(3), 1\u201317 (2021). https:\/\/doi.org\/10.1145\/3436242","journal-title":"Digital Threats Res. Pract."},{"key":"12_CR8","unstructured":"NIST, National Vulnerability Database. https:\/\/nvd.nist.gov\/. Accessed 18 Aug 2022"},{"key":"12_CR9","unstructured":"FIRST, Common Vulnerability Scoring System SIG. https:\/\/www.first.org\/cvss\/. Accessed 18 Aug 2022"},{"key":"12_CR10","unstructured":"OpenSSF, Open Source Project Criticality Score (Beta). https:\/\/github.com\/ossf\/criticality_score. Accessed 18 Aug 2022"},{"key":"12_CR11","unstructured":"MITRE, Common Vulnerabilities and Exposures. https:\/\/www.cve.org\/. Accessed 18 Aug 2022"},{"key":"12_CR12","unstructured":"NIST, Official Common Platform Enumeration Dictionary. https:\/\/nvd.nist.gov\/products\/cpe. Accessed 18 Aug 2022"},{"key":"12_CR13","unstructured":"CISA, Known Exploited Vulnerabilities Catalog. https:\/\/www.cisa.gov\/known-exploited-vulnerabilities-catalog. Accessed 8 Apr 2023"},{"key":"12_CR14","unstructured":"Debian Project, Debian GNU\/Linux (online). https:\/\/www.debian.org\/. Accessed 18 Aug 2022"},{"key":"12_CR15","doi-asserted-by":"publisher","unstructured":"Williams, M.A., Dey, S., Barranco, C., Naim, M.S., Hossain, S.M., Akbar, M.: Analyzing evolving trends of vulnerabilities in national vulnerability database. In Proceedings of 2018 IEEE International Conference on Big Data, pp. 3011\u20133020. IEEE (2018). https:\/\/doi.org\/10.1109\/BigData.2018.8622299","DOI":"10.1109\/BigData.2018.8622299"},{"key":"12_CR16","doi-asserted-by":"publisher","unstructured":"Martin, H., Jana, K., Elias, B., Pavel, C.: Survey of attack projection, prediction, and forecasting in cyber security. IEEE Commun. Surv. Tutor. 21(1), 640\u2013660. IEEE (2018). https:\/\/doi.org\/10.1109\/COMST.2018.2871866","DOI":"10.1109\/COMST.2018.2871866"},{"key":"12_CR17","doi-asserted-by":"publisher","unstructured":"Chen, H., Liu, J., Liu, R., Park, N., Subrahmanian, S.V.: VEST: a system for vulnerability exploit scoring & timing. In: Proceedings of the Twenty-Eighth International Joint Conference on Artificial Intelligence, pp. 6503\u20136505 (2019). https:\/\/doi.org\/10.24963\/ijcai.2019\/937","DOI":"10.24963\/ijcai.2019\/937"},{"key":"12_CR18","doi-asserted-by":"publisher","unstructured":"Minh, L.H.T., et al.: DeepCVA: automated commit-level vulnerability assessment with deep multi-task learning. In: Proceedings of 36th IEEE\/ACM International Conference on Automated Software Engineering, pp. 717\u2013729. IEEE (2021). https:\/\/doi.org\/10.1109\/ASE51524.2021.9678622","DOI":"10.1109\/ASE51524.2021.9678622"},{"key":"12_CR19","doi-asserted-by":"publisher","first-page":"88852","DOI":"10.1109\/ACCESS.2021.3075385","volume":"9","author":"G Siewruk","year":"2021","unstructured":"Siewruk, G., Mazurczyk, W.: Context-aware software vulnerability classification using machine learning. IEEE Access 9, 88852\u201388867 (2021). https:\/\/doi.org\/10.1109\/ACCESS.2021.3075385","journal-title":"IEEE Access"},{"key":"12_CR20","doi-asserted-by":"publisher","unstructured":"Walkowski, M., Krakowiak M., Jaroszewski, M., Oko, J., Sujecki, S.: Automatic CVSS-based vulnerability prioritization and response with context information. In Proceedings of International Conference on Software, Telecommunications and Computer Networks, pp. 1\u20136 (2021). https:\/\/doi.org\/10.23919\/SoftCOM52868.2021.9559094.559094","DOI":"10.23919\/SoftCOM52868.2021.9559094.559094"},{"issue":"3","key":"12_CR21","doi-asserted-by":"publisher","first-page":"565","DOI":"10.1287\/isre.2015.0587","volume":"26","author":"S Mitra","year":"2015","unstructured":"Mitra, S., Ransbotham, S.: The effects of vulnerability disclosure policy on the diffusion of security attacks. Inf. Syst. Res. 26(3), 565\u2013584 (2015). https:\/\/doi.org\/10.1287\/isre.2015.0587","journal-title":"Inf. Syst. Res."},{"issue":"4","key":"12_CR22","doi-asserted-by":"publisher","first-page":"44","DOI":"10.1109\/MSEC.2021.3070978","volume":"19","author":"F Boechat","year":"2021","unstructured":"Boechat, F., et al.: Is vulnerability report confidence redundant? pitfalls using temporal risk scores. IEEE Secur. Priv. 19(4), 44\u201353 (2021). https:\/\/doi.org\/10.1109\/MSEC.2021.3070978","journal-title":"IEEE Secur. Priv."},{"key":"12_CR23","doi-asserted-by":"publisher","first-page":"8735","DOI":"10.3390\/app11188735","volume":"11","author":"M Walkowski","year":"2021","unstructured":"Walkowski, M., Oko, J., Sujecki, S.: Vulnerability management models using a common vulnerability scoring system. Appl. Sci. 11, 8735 (2021). https:\/\/doi.org\/10.3390\/app11188735","journal-title":"Appl. Sci."}],"container-title":["Lecture Notes in Computer Science","Information Security Applications"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-981-99-8024-6_12","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,1,10]],"date-time":"2024-01-10T05:03:17Z","timestamp":1704862997000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-981-99-8024-6_12"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024]]},"ISBN":["9789819980239","9789819980246"],"references-count":23,"URL":"https:\/\/doi.org\/10.1007\/978-981-99-8024-6_12","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2024]]},"assertion":[{"value":"11 January 2024","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"WISA","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Information Security Applications","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Jeju Island","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Korea (Republic of)","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2023","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"23 August 2023","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"25 August 2023","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"24","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"wisa2023","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/wisa.or.kr\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Easy Chair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"52","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"26","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"50% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3.3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"4","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}