{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,2,21]],"date-time":"2025-02-21T03:25:09Z","timestamp":1740108309468,"version":"3.37.3"},"reference-count":39,"publisher":"Springer Science and Business Media LLC","issue":"2","license":[{"start":{"date-parts":[[2018,9,25]],"date-time":"2018-09-25T00:00:00Z","timestamp":1537833600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2018,9,25]],"date-time":"2018-09-25T00:00:00Z","timestamp":1537833600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"DOI":"10.13039\/501100000266","name":"Engineering and Physical Sciences Research Council","doi-asserted-by":"publisher","award":["EP\/M019462\/1"],"award-info":[{"award-number":["EP\/M019462\/1"]}],"id":[{"id":"10.13039\/501100000266","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100010661","name":"Horizon 2020 Framework Programme","doi-asserted-by":"publisher","award":["700692"],"award-info":[{"award-number":["700692"]}],"id":[{"id":"10.13039\/100010661","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["1223634"],"award-info":[{"award-number":["1223634"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Computing"],"published-print":{"date-parts":[[2019,2]]},"DOI":"10.1007\/s00607-018-0663-0","type":"journal-article","created":{"date-parts":[[2018,9,25]],"date-time":"2018-09-25T10:24:08Z","timestamp":1537871048000},"page":"139-160","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":7,"title":["Cluster-based vulnerability assessment of operating systems and web browsers"],"prefix":"10.1007","volume":"101","author":[{"given":"Yazdan","family":"Movahedi","sequence":"first","affiliation":[]},{"given":"Michel","family":"Cukier","sequence":"additional","affiliation":[]},{"given":"Ambrose","family":"Andongabo","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8017-3184","authenticated-orcid":false,"given":"Ilir","family":"Gashi","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2018,9,25]]},"reference":[{"key":"663_CR1","unstructured":"Lyu MR (ed) (1996) Handbook of software reliability engineering. IEEE Computer Society Press, Los Alamitos; McGraw Hill, New York"},{"key":"663_CR2","unstructured":"Rescorla E (2003) Security holes... Who cares? In: Proceedings of the 12th conference on USENIX Security Symposium, pp 75\u201390"},{"key":"663_CR3","doi-asserted-by":"publisher","first-page":"14","DOI":"10.1109\/MSP.2005.17","volume":"3","author":"E Rescorla","year":"2005","unstructured":"Rescorla E (2005) Is finding security holes a good idea? IEEE Secur Priv Mag 3:14\u201319","journal-title":"IEEE Secur Priv Mag"},{"key":"663_CR4","doi-asserted-by":"crossref","unstructured":"Alhazmi O, Malaiya Y (2005) Quantitative vulnerability assessment of systems software. IEEE, pp\u00a0615\u2013620","DOI":"10.1109\/RAMS.2005.1408432"},{"key":"663_CR5","doi-asserted-by":"crossref","unstructured":"Woo S, Alhazmi O, Malaiya Y (2006) Assessing Vulnerabilities in Apache and IIS HTTP Servers. IEEE, pp\u00a0103\u2013110","DOI":"10.1109\/DASC.2006.21"},{"key":"663_CR6","doi-asserted-by":"publisher","first-page":"14","DOI":"10.1109\/TR.2008.916872","volume":"57","author":"O Alhazmi","year":"2008","unstructured":"Alhazmi O, Malaiya Y (2008) Application of vulnerability discovery models to major operating systems. IEEE Trans Reliab 57:14\u201322","journal-title":"IEEE Trans Reliab"},{"key":"663_CR7","unstructured":"Ozment JA (2007) Vulnerability discovery & software security. Ph.D. thesis, University of Cambridge"},{"key":"663_CR8","doi-asserted-by":"crossref","unstructured":"Okamura H, Tokuzane M, Dohi T (2009) Optimal security patch release timing under non-homogeneous vulnerability-discovery processes. In: Proceedings of the 20th international symposium on software reliability engineering. IEEE, pp\u00a0120\u2013128","DOI":"10.1109\/ISSRE.2009.19"},{"key":"663_CR9","doi-asserted-by":"publisher","first-page":"54","DOI":"10.1109\/MSP.2006.95","volume":"4","author":"P Verissimo","year":"2006","unstructured":"Verissimo P, Neves N, Cachin C, Poritz J, Powell D, Deswarte Y, Stroud R, Welch I (2006) Intrusion-tolerant middleware: the road to automatic security. IEEE Secur Priv Mag 4:54\u201362","journal-title":"IEEE Secur Priv Mag"},{"key":"663_CR10","doi-asserted-by":"publisher","first-page":"15","DOI":"10.4236\/jsea.2013.64A003","volume":"06","author":"H Okamura","year":"2013","unstructured":"Okamura H, Tokuzane M, Dohi T (2013) Quantitative security evaluation for software system from vulnerability database. J Softw Eng Appl 06:15","journal-title":"J Softw Eng Appl"},{"key":"663_CR11","first-page":"52","volume":"33","author":"WA Arbaugh","year":"2000","unstructured":"Arbaugh WA, Fithen WL, McHugh J (2000) Windows of vulnerability: a case study analysis. Computer 33:52\u201359","journal-title":"Computer"},{"key":"663_CR12","doi-asserted-by":"crossref","unstructured":"Frei S, May M, Fiedler U, Plattner B (2006) Large-scale vulnerability analysis. In: Proceedings of the 2006 SIGCOMM workshop on large-scale attack defense, LSAD \u201906, New York, NY, USA. ACM, pp\u00a0131\u2013138","DOI":"10.1145\/1162666.1162671"},{"key":"663_CR13","doi-asserted-by":"crossref","unstructured":"Frei S, Schatzmann D, Plattner B, Trammell B (2010) Modeling the security ecosystem\u2014the dynamics of (in)security. In: Pym DJ, Ioannidis C (eds) Economics of information security and privacy. Springer, Boston, pp\u00a079\u2013106","DOI":"10.1007\/978-1-4419-6967-5_6"},{"key":"663_CR14","doi-asserted-by":"publisher","first-page":"1445","DOI":"10.1002\/qre.1567","volume":"30","author":"H Joh","year":"2014","unstructured":"Joh H, Malaiya YK (2014) Modeling skewness in vulnerability discovery: modeling skewness in vulnerability discovery. Qual Reliab Eng Int 30:1445\u20131459","journal-title":"Qual Reliab Eng Int"},{"key":"663_CR15","doi-asserted-by":"crossref","unstructured":"Kim J, Malaiya YK, Ray I (2007) Vulnerability discovery in multi-version software systems. In: 10th IEEE high assurance systems engineering symposium. HASE \u201907, pp\u00a0141\u2013148","DOI":"10.1109\/HASE.2007.55"},{"key":"663_CR16","unstructured":"Ozment A, Schechter SE (2006) Milk or wine: does software security improve with age? In: Proceedings of the 15th USENIX Security Symposium. USENIX Association, Berkeley, CA, USA"},{"key":"663_CR17","unstructured":"Johnson RA, Wichern DW (2007) Applied multivariate statistical analysis, 6th edn. Pearson Prentice Hall, Upper Saddle River, OCLC: ocm70867129"},{"key":"663_CR18","unstructured":"Sabottke C, Suciu O, Dumitras T (2015) Vulnerability disclosure in the age of social media: exploiting twitter for predicting real-world exploits. In: USENIX security symposium, pp 1041\u20131056"},{"key":"663_CR19","doi-asserted-by":"publisher","first-page":"159","DOI":"10.1007\/s11219-015-9274-6","volume":"24","author":"A Younis","year":"2016","unstructured":"Younis A, Malaiya YK, Ray I (2016) Assessing vulnerability exploitability risk using software properties. Softw Qual J 24:159\u2013202","journal-title":"Softw Qual J"},{"key":"663_CR20","doi-asserted-by":"publisher","first-page":"1659","DOI":"10.1016\/j.eswa.2007.01.040","volume":"34","author":"K Lee","year":"2008","unstructured":"Lee K, Kim J, Kwon KH, Han Y, Kim S (2008) DDoS attack detection method using cluster analysis. Expert Syst Appl 34:1659\u20131665","journal-title":"Expert Syst Appl"},{"key":"663_CR21","doi-asserted-by":"crossref","unstructured":"Shahzad M, Shafiq MZ, Liu AX (2012) A large scale exploratory analysis of software vulnerability life cycles. In: Proceedings of the 34th international conference on software engineering, ICSE \u201912, Piscataway, NJ, USA. IEEE Press, pp\u00a0771\u2013781","DOI":"10.1109\/ICSE.2012.6227141"},{"key":"663_CR22","doi-asserted-by":"crossref","unstructured":"Huang S, Tang H, Zhang M, Tian J (2010) Text clustering on national vulnerability database. In: 2010 Second international conference on computer engineering and applications, vol\u00a02, pp\u00a0295\u2013299","DOI":"10.1109\/ICCEA.2010.209"},{"key":"663_CR23","doi-asserted-by":"crossref","unstructured":"Andongabo A, Gashi I (2017) vepRisk\u2014a web based analysis tool for public security data. IEEE, pp\u00a0135\u2013138","DOI":"10.1109\/EDCC.2017.30"},{"key":"663_CR24","doi-asserted-by":"publisher","first-page":"325","DOI":"10.1093\/biomet\/53.3-4.325","volume":"53","author":"JC Gower","year":"1966","unstructured":"Gower JC (1966) Some distance properties of latent root and vector methods used in multivariate analysis. Biometrika 53:325\u2013338","journal-title":"Biometrika"},{"key":"663_CR25","unstructured":"SAS Institute Inc (2016) SAS$$\\textregistered {}$$ Enterprise Miner$$^{\\rm TM}$$14.2: high-performance procedures. SAS Institute Inc., Cary, NC"},{"key":"663_CR26","unstructured":"Sarle WS (1983) Cubic clustering criterion. SAS Technical Report A-108. SAS Institution Inc., Cary, NC"},{"key":"663_CR27","doi-asserted-by":"publisher","first-page":"411","DOI":"10.1111\/1467-9868.00293","volume":"63","author":"R Tibshirani","year":"2001","unstructured":"Tibshirani R, Walther G, Hastie T (2001) Estimating the number of clusters in a data set via the gap statistic. J R Stat Soc Ser B (Stat Methodol) 63:411\u2013423","journal-title":"J R Stat Soc Ser B (Stat Methodol)"},{"key":"663_CR28","doi-asserted-by":"publisher","first-page":"547","DOI":"10.2307\/3316110","volume":"27","author":"TY Yang","year":"1999","unstructured":"Yang TY, Kuo L (1999) Bayesian computation for the superposition of nonhomogeneous poisson processes. Can J Stat 27:547\u2013556","journal-title":"Can J Stat"},{"key":"663_CR29","doi-asserted-by":"publisher","DOI":"10.1201\/9781315382425","volume-title":"Reliability engineering and risk analysis: a practical guide","author":"M Modarres","year":"2016","unstructured":"Modarres M, Kaminskiy MP, Krivtsov V (2016) Reliability engineering and risk analysis: a practical guide. CRC Press, Boca Raton"},{"key":"663_CR30","doi-asserted-by":"publisher","first-page":"4759","DOI":"10.1109\/ACCESS.2017.2688698","volume":"5","author":"Z Zhao","year":"2017","unstructured":"Zhao Z, Zhang Y, Liu G, Qiu J (2017) Statistical analysis of time-varying characteristics of testability index based on NHPP. IEEE Access 5:4759\u20134768","journal-title":"IEEE Access"},{"key":"663_CR31","doi-asserted-by":"crossref","unstructured":"Allodi L (2015) The heavy tails of vulnerability exploitation. In: Engineering secure software and systems. Lecture notes in computer science. Springer, Cham, pp\u00a0133\u2013148","DOI":"10.1007\/978-3-319-15618-7_11"},{"key":"663_CR32","doi-asserted-by":"publisher","unstructured":"Yoo T-H, Lee J-K, Seo Y-J (2016) A relative research of the software NHPP reliability based on weibull extension distribution and power law model. Indian J Sci Technol 9(46). \n                    https:\/\/doi.org\/10.17485\/ijst\/2016\/v9i46\/107199","DOI":"10.17485\/ijst\/2016\/v9i46\/107199"},{"key":"663_CR33","doi-asserted-by":"publisher","unstructured":"Tae-Hyun Y (2015) The infinite NHPP software reliability model based on monotonic intensity function. Indian J Sci Technol 8(14). \n                    https:\/\/doi.org\/10.17485\/ijst\/2015\/v8i14\/68342","DOI":"10.17485\/ijst\/2015\/v8i14\/68342"},{"issue":"6","key":"663_CR34","doi-asserted-by":"publisher","first-page":"483","DOI":"10.17661\/jkiiect.2015.8.6.483","volume":"8","author":"H-C Kim","year":"2015","unstructured":"Kim H-C (2015) The assessing comparative study for statistical process control of software reliability model based on Musa-Okumo and power-law type. J Korea Inst Inf Electron Commun Technol 8(6):483\u2013490","journal-title":"J Korea Inst Inf Electron Commun Technol"},{"key":"663_CR35","doi-asserted-by":"publisher","first-page":"2268","DOI":"10.1007\/s10664-015-9408-2","volume":"21","author":"VH Nguyen","year":"2016","unstructured":"Nguyen VH, Dashevskyi S, Massacci F (2016) An automatic method for assessing the versions affected by a vulnerability. Empir Softw Eng 21:2268\u20132297","journal-title":"Empir Softw Eng"},{"key":"663_CR36","unstructured":"Gujarati DN, Porter DC (2009) Basic econometrics. McGraw-Hill Irwin. Google-Books-ID: 6l1CPgAACAAJ"},{"key":"663_CR37","doi-asserted-by":"publisher","first-page":"53","DOI":"10.1016\/j.ocemod.2013.08.003","volume":"72","author":"L Mentaschi","year":"2013","unstructured":"Mentaschi L, Besio G, Cassola F, Mazzino A (2013) Problems in RMSE-based wave model validations. Ocean Model 72:53\u201358","journal-title":"Ocean Model"},{"key":"663_CR38","unstructured":"Hanna SR, Heinold DW, A.\u00a0P. I. H. a. E.\u00a0A. Dept, E.\u00a0R.\u00a0T. Inc (1985) Development and application of a simple method for evaluating air quality models. American Petroleum Institute. Google-Books-ID: lKrpAAAAMAAJ"},{"key":"663_CR39","doi-asserted-by":"publisher","first-page":"211","DOI":"10.3233\/JCS-1993-22-308","volume":"2","author":"B Littlewood","year":"1993","unstructured":"Littlewood B, Brocklehurst S, Fenton N, Mellor P, Page S, Wright D, Dobson J, McDermid J, Gollmann D (1993) Towards operational measures of computer security. J Comput Secur 2:211\u2013229","journal-title":"J Comput Secur"}],"container-title":["Computing"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s00607-018-0663-0\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s00607-018-0663-0.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s00607-018-0663-0.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,5,14]],"date-time":"2020-05-14T08:04:38Z","timestamp":1589443478000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s00607-018-0663-0"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018,9,25]]},"references-count":39,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2019,2]]}},"alternative-id":["663"],"URL":"https:\/\/doi.org\/10.1007\/s00607-018-0663-0","relation":{},"ISSN":["0010-485X","1436-5057"],"issn-type":[{"type":"print","value":"0010-485X"},{"type":"electronic","value":"1436-5057"}],"subject":[],"published":{"date-parts":[[2018,9,25]]},"assertion":[{"value":"25 September 2017","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"15 September 2018","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"25 September 2018","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}}]}}