{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,23]],"date-time":"2026-03-23T22:49:39Z","timestamp":1774306179793,"version":"3.50.1"},"reference-count":66,"publisher":"Springer Science and Business Media LLC","issue":"3","license":[{"start":{"date-parts":[[2025,5,20]],"date-time":"2025-05-20T00:00:00Z","timestamp":1747699200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,5,20]],"date-time":"2025-05-20T00:00:00Z","timestamp":1747699200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"funder":[{"name":"School of Business Spring-Summer Fellowship Support at Oakland University"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Int. J. Inf. Secur."],"published-print":{"date-parts":[[2025,6]]},"DOI":"10.1007\/s10207-025-01061-9","type":"journal-article","created":{"date-parts":[[2025,5,20]],"date-time":"2025-05-20T12:35:34Z","timestamp":1747744534000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["Identifying factors influencing the duration of zero-day vulnerabilities"],"prefix":"10.1007","volume":"24","author":[{"given":"Yaman","family":"Roumani","sequence":"first","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,5,20]]},"reference":[{"key":"1061_CR1","unstructured":"Check Point: Cyber Security Report 2023. (2023). Retrieved from: https:\/\/pages.checkpoint.com\/cyber-security-report-2023.html"},{"key":"1061_CR2","unstructured":"Sonatype: 2021 State of the Software Supply Chain. (2021). Retrieved from: https:\/\/www.sonatype.com\/resources\/state-of-the-software-supply-chain-2021"},{"issue":"1","key":"1061_CR3","first-page":"18","volume":"46","author":"Y Roumani","year":"2020","unstructured":"Roumani, Y., Nwankpa, J.: Examining exploitability risk of vulnerabilities: A hazard model. Commun. Association Inform. Syst. 46(1), 18 (2020)","journal-title":"Commun. Association Inform. Syst."},{"key":"1061_CR4","unstructured":"Kovacs, E.: Downfall: New Intel CPU Attack Exposing Sensitive Information. (2023). Retrieved from: https:\/\/www.securityweek.com\/downfall-new-intel-cpu-attack-exposing-sensitive-information\/"},{"issue":"11","key":"1061_CR5","doi-asserted-by":"publisher","first-page":"2532","DOI":"10.1111\/poms.13120","volume":"29","author":"R Sen","year":"2020","unstructured":"Sen, R., Choobineh, J., Kumar, S.: Determinants of software vulnerability disclosure timing. Prod. Oper. Manage. 29(11), 2532\u20132552 (2020)","journal-title":"Prod. Oper. Manage."},{"issue":"3","key":"1061_CR6","doi-asserted-by":"publisher","first-page":"3900","DOI":"10.1109\/TNSM.2023.3251282","volume":"20","author":"C Kim","year":"2023","unstructured":"Kim, C., Chang, S.Y., Kim, J., Lee, D., Kim, J.: Automated, reliable zero-day malware detection based on autoencoding architecture. IEEE Trans. Netw. Serv. Manage. 20(3), 3900\u20133914 (2023)","journal-title":"IEEE Trans. Netw. Serv. Manage."},{"key":"1061_CR7","first-page":"164","volume":"46","author":"UK Singh","year":"2019","unstructured":"Singh, U.K., Joshi, C., Kanellopoulos, D.: A framework for zero-day vulnerabilities detection and prioritization. J. Inform. Secur. Appl. 46, 164\u2013172 (2019)","journal-title":"J. Inform. Secur. Appl."},{"key":"1061_CR8","doi-asserted-by":"crossref","unstructured":"Abri, F., Siami-Namini, S., Khanghah, M.A., Soltani, F.M., Namin, A.S.: Can machine\/deep learning classifiers detect zero-day malware with high accuracy? In 2019 IEEE international conference on big data (Big Data) (pp. 3252\u20133259). IEEE. (2019), December","DOI":"10.1109\/BigData47090.2019.9006514"},{"key":"1061_CR9","doi-asserted-by":"publisher","first-page":"102308","DOI":"10.1016\/j.cose.2021.102308","volume":"106","author":"S Jeon","year":"2021","unstructured":"Jeon, S., Kim, H.K.: AutoVAS: An automated vulnerability analysis system with a deep learning approach. Computers Secur. 106, 102308 (2021)","journal-title":"Computers Secur."},{"key":"1061_CR10","doi-asserted-by":"publisher","first-page":"102936","DOI":"10.1016\/j.cose.2022.102936","volume":"123","author":"T Walshe","year":"2022","unstructured":"Walshe, T., Simpson, A.C.: Coordinated vulnerability disclosure programme effectiveness: Issues and recommendations. Computers Secur. 123, 102936 (2022)","journal-title":"Computers Secur."},{"issue":"4","key":"1061_CR11","doi-asserted-by":"publisher","first-page":"642","DOI":"10.1287\/mnsc.1070.0771","volume":"54","author":"A Arora","year":"2008","unstructured":"Arora, A., Telang, R., Xu, H.: Optimal policy for software vulnerability disclosure. Manage. Sci. 54(4), 642\u2013656 (2008)","journal-title":"Manage. Sci."},{"issue":"1","key":"1061_CR12","doi-asserted-by":"publisher","first-page":"115","DOI":"10.1287\/isre.1080.0226","volume":"21","author":"A Arora","year":"2010","unstructured":"Arora, A., Krishnan, R., Telang, R., Yang, Y.: An empirical analysis of software vendors\u2019 patch release behavior: Impact of vulnerability disclosure. Inform. Syst. Res. 21(1), 115\u2013132 (2010)","journal-title":"Inform. Syst. Res."},{"key":"1061_CR13","doi-asserted-by":"publisher","first-page":"350","DOI":"10.1007\/s10796-006-9012-5","volume":"8","author":"A Arora","year":"2006","unstructured":"Arora, A., Nandkumar, A., Telang, R.: Does information security attack frequency increase with vulnerability disclosure? An empirical analysis. Inform. Syst. Front. 8, 350\u2013362 (2006)","journal-title":"Inform. Syst. Front."},{"issue":"6","key":"1061_CR14","doi-asserted-by":"publisher","first-page":"1073","DOI":"10.1111\/deci.12212","volume":"47","author":"R Sen","year":"2016","unstructured":"Sen, R., Heim, G.R.: Managing enterprise risks of technological systems: An exploratory empirical analysis of vulnerability characteristics as drivers of exploit publication. Decis. Sci. 47(6), 1073\u20131102 (2016)","journal-title":"Decis. Sci."},{"key":"1061_CR15","doi-asserted-by":"publisher","first-page":"175","DOI":"10.1016\/j.comcom.2022.11.001","volume":"198","author":"Y Guo","year":"2023","unstructured":"Guo, Y.: A review of machine Learning-based zero-day attack detection: Challenges and future directions. Comput. Commun. 198, 175\u2013185 (2023)","journal-title":"Comput. Commun."},{"key":"1061_CR16","doi-asserted-by":"publisher","first-page":"103382","DOI":"10.1016\/j.cose.2023.103382","volume":"132","author":"M Albanese","year":"2023","unstructured":"Albanese, M., Iganibo, I., Adebiyi, O.: A framework for designing vulnerability metrics. Computers Secur. 132, 103382 (2023)","journal-title":"Computers Secur."},{"issue":"1","key":"1061_CR17","first-page":"155","volume":"35","author":"S Walton","year":"2021","unstructured":"Walton, S., Wheeler, P.R., Zhang, Y., Zhao, X.: An integrative review and analysis of cybersecurity research: Current state and future directions. J. Inform. Syst. 35(1), 155\u2013186 (2021)","journal-title":"J. Inform. Syst."},{"issue":"4","key":"1061_CR18","doi-asserted-by":"publisher","first-page":"730","DOI":"10.1109\/TDSC.2019.2893950","volume":"17","author":"M Shahzad","year":"2019","unstructured":"Shahzad, M., Shafiq, M.Z., Liu, A.X.: Large scale characterization of software vulnerability life cycles. IEEE Trans. Dependable Secur. Comput. 17(4), 730\u2013744 (2019)","journal-title":"IEEE Trans. Dependable Secur. Comput."},{"key":"1061_CR19","unstructured":"CVSS: Common Vulnerability Scoring System v3.1: Specification Document. (2019). Retrieved from https:\/\/www.first.org\/cvss\/v3.1\/specification-document"},{"key":"1061_CR20","doi-asserted-by":"publisher","first-page":"103618","DOI":"10.1016\/j.cose.2023.103618","volume":"138","author":"X Li","year":"2024","unstructured":"Li, X., Zhao, L., Wei, Q., Wu, Z., Shi, W., Wang, Y.: SHFuzz: Service handler-aware fuzzing for detecting multi-type vulnerabilities in embedded devices. Computers Secur. 138, 103618 (2024)","journal-title":"Computers Secur."},{"key":"1061_CR21","doi-asserted-by":"publisher","first-page":"161","DOI":"10.1016\/j.chb.2019.09.028","volume":"103","author":"J Ruohonen","year":"2020","unstructured":"Ruohonen, J., Hyrynsalmi, S., Lepp\u00e4nen, V.: A mixed methods probe into the direct disclosure of software vulnerabilities. Comput. Hum. Behav. 103, 161\u2013173 (2020)","journal-title":"Comput. Hum. Behav."},{"key":"1061_CR22","doi-asserted-by":"publisher","first-page":"10472","DOI":"10.1109\/ACCESS.2021.3126401","volume":"10","author":"A Lisi","year":"2021","unstructured":"Lisi, A., Mukherjee, P., De Santis, L., Wu, L., Lagutin, D., Kortesniemi, Y.: Automated responsible disclosure of security vulnerabilities. IEEE Access. 10, 10472\u201310489 (2021)","journal-title":"IEEE Access."},{"key":"1061_CR23","doi-asserted-by":"crossref","unstructured":"Ransbotham, S., Mitra, S., Ramsey, J.: Are markets for vulnerabilities effective? MIS Q., 43\u201364. (2012)","DOI":"10.2307\/41410405"},{"key":"1061_CR24","doi-asserted-by":"publisher","first-page":"113586","DOI":"10.1016\/j.dss.2021.113586","volume":"148","author":"A Ahmed","year":"2021","unstructured":"Ahmed, A., Deokar, A., Lee, H.C.B.: Vulnerability disclosure mechanisms: A synthesis and framework for market-based and non-market-based disclosures. Decis. Support Syst. 148, 113586 (2021)","journal-title":"Decis. Support Syst."},{"issue":"3","key":"1061_CR25","doi-asserted-by":"publisher","first-page":"171","DOI":"10.1109\/TSE.2007.26","volume":"33","author":"H Cavusoglu","year":"2007","unstructured":"Cavusoglu, H., Cavusoglu, H., Raghunathan, S.: Efficiency of vulnerability disclosure mechanisms to disseminate vulnerability knowledge. IEEE Trans. Software Eng. 33(3), 171\u2013185 (2007)","journal-title":"IEEE Trans. Software Eng."},{"key":"1061_CR26","doi-asserted-by":"crossref","unstructured":"Caulfield, T., Ioannidis, C., Pym, D.: The US vulnerabilities equities process: An economic perspective. In Decision and Game Theory for Security: 8th International Conference, GameSec 2017, Vienna, Austria, October 23\u201325, 2017, Proceedings (pp. 131\u2013150). Springer International Publishing. (2017)","DOI":"10.1007\/978-3-319-68711-7_8"},{"key":"1061_CR27","doi-asserted-by":"crossref","unstructured":"Dingman, A., Russo, G.: Risk-based vulnerability disclosure: Towards optimal policy. Available at SSRN 2601191. (2015)","DOI":"10.2139\/ssrn.2601191"},{"key":"1061_CR28","doi-asserted-by":"crossref","unstructured":"McQueen, M.A., McQueen, T.A., Boyer, W.F., Chaffin, M.R.: Empirical estimates and observations of 0\u00a0day vulnerabilities. In 2009 42nd Hawaii international conference on system sciences (pp. 1\u201312). IEEE. (2009), January","DOI":"10.1109\/HICSS.2009.186"},{"key":"1061_CR29","doi-asserted-by":"crossref","unstructured":"Ablon, L., Bogart, A.: Zero Days, Thousands of Nights: the Life and Times of zero-day Vulnerabilities and their Exploits. Rand Corporation (2017)","DOI":"10.7249\/RR1751"},{"issue":"9","key":"1061_CR30","doi-asserted-by":"publisher","first-page":"137","DOI":"10.3390\/computers11090137","volume":"11","author":"AM Algarni","year":"2022","unstructured":"Algarni, A.M.: The historical relationship between the software vulnerability lifecycle and vulnerability markets: Security and economic risks. Computers. 11(9), 137 (2022)","journal-title":"Computers"},{"key":"1061_CR31","unstructured":"Trend Micro: Trends and Shifts in the Underground N-Day Exploit Market. (2024). Retrieved from: https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/vulnerabilities-and-exploits\/trends-and-shifts-in-the-underground-n-day-exploit-market"},{"key":"1061_CR32","doi-asserted-by":"publisher","first-page":"151","DOI":"10.1007\/978-3-031-85994-6_16","volume-title":"Cybersecurity, Psychology and People Hacking","author":"T Singh","year":"2025","unstructured":"Singh, T.: Case studies: State-Sponsored cyberattacks. In: Cybersecurity, Psychology and People Hacking, pp. 151\u2013165. Springer Nature Switzerland, Cham (2025)"},{"issue":"14","key":"1061_CR33","doi-asserted-by":"publisher","first-page":"2212","DOI":"10.3390\/electronics11142212","volume":"11","author":"M Alsaffar","year":"2022","unstructured":"Alsaffar, M., Aljaloud, S., Mohammed, B.A., Al-Mekhlafi, Z.G., Almurayziq, T.S., Alshammari, G., Alshammari, A.: Detection of web Cross-Site scripting (XSS) attacks. Electronics. 11(14), 2212 (2022)","journal-title":"Electronics"},{"key":"1061_CR34","doi-asserted-by":"crossref","unstructured":"Cohen, J., Cohen, P., West, S.G., Aiken, L.S.: Applied Multiple Regression\/correlation Analysis for the Behavioral Sciences. Routledge (2013)","DOI":"10.4324\/9780203774441"},{"issue":"6","key":"1061_CR35","doi-asserted-by":"publisher","first-page":"1722","DOI":"10.1080\/03610918.2017.1323223","volume":"47","author":"EH Payne","year":"2018","unstructured":"Payne, E.H., Gebregziabher, M., Hardin, J.W., Ramakrishnan, V., Egede, L.E.: An empirical approach to determine a threshold for assessing overdispersion in Poisson and negative binomial models for count data. Commun. Statistics-Simulation Comput. 47(6), 1722\u20131738 (2018)","journal-title":"Commun. Statistics-Simulation Comput."},{"key":"1061_CR36","doi-asserted-by":"crossref","unstructured":"Hilbe, J.M.: Modeling Count Data. Cambridge University Press (2014)","DOI":"10.1017\/CBO9781139236065"},{"key":"1061_CR37","unstructured":"Rackspace: Rackspace Dark Market Report - A New Economy. (2022). Retrieved from: https:\/\/www.rackspace.com\/sites\/default\/files\/2022-07\/Rackspace-Report-Dark-Market-Report-A-New-Economy-SEC-TSK-4330.pdf"},{"key":"1061_CR38","unstructured":"CWE: Common Weakness Enumeration (CWE). (2024). https:\/\/cwe.mitre.org\/"},{"key":"1061_CR39","doi-asserted-by":"publisher","first-page":"116569","DOI":"10.1016\/j.eswa.2022.116569","volume":"195","author":"M Alidoosti","year":"2022","unstructured":"Alidoosti, M., Nowroozi, A., Nickabadi, A.: Semantic web racer: Dynamic security testing of the web application against race condition in the business layer. Expert Syst. Appl. 195, 116569 (2022)","journal-title":"Expert Syst. Appl."},{"key":"1061_CR40","unstructured":"Adobe: Security update available for Adobe Commerce| APSB22-13. (2022). Retrieved from: https:\/\/helpx.adobe.com\/security\/products\/magento\/apsb22-13.html"},{"key":"1061_CR41","unstructured":"Rapid7: SAP NetWeaver AS JAVA CVE-2020-6287: Authentication bypass via LM Configuration Wizard. (2020). Retrieved from: https:\/\/www.rapid7.com\/db\/vulnerabilities\/sap-netweaver-as-java-cve-2020-6287\/"},{"key":"1061_CR42","unstructured":"CVE: CVE-2022-46694. (2022). Retrieved from: https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2022-46694"},{"key":"1061_CR43","unstructured":"Trend Micro: Patch CVE-2023-23397 Immediately: What You Need To Know and Do. (2023). Retrieved from: https:\/\/www.trendmicro.com\/en_us\/research\/23\/c\/patch-cve-2023-23397-immediately-what-you-need-to-know-and-do.html"},{"issue":"1","key":"1061_CR44","doi-asserted-by":"publisher","first-page":"tyab023","DOI":"10.1093\/cybsec\/tyab023","volume":"7","author":"Y Roumani","year":"2021","unstructured":"Roumani, Y.: Patching zero-day vulnerabilities: An empirical Analysis. J. Cybersecur. 7(1), tyab023 (2021)","journal-title":"J. Cybersecur."},{"key":"1061_CR45","unstructured":"WatchGuard: Internet Security Report Q1 2023. (2023). Retrieved from: https:\/\/www.watchguard.com\/wgrd-resource-center\/security-report-q1-2023"},{"key":"1061_CR46","unstructured":"Danen, V.: Do all vulnerabilities really matter? (2022). Retrieved from: https:\/\/www.redhat.com\/en\/blog\/do-all-vulnerabilities-really-matter"},{"key":"1061_CR47","unstructured":"McFadden, D.: Conditional logit analysis of qualitative choice behavior. (1972)"},{"issue":"2","key":"1061_CR48","doi-asserted-by":"publisher","first-page":"39","DOI":"10.12691\/ajams-8-2-1","volume":"8","author":"N Shrestha","year":"2020","unstructured":"Shrestha, N.: Detecting multicollinearity in regression analysis. Am. J. Appl. Math. Stat. 8(2), 39\u201342 (2020)","journal-title":"Am. J. Appl. Math. Stat."},{"key":"1061_CR49","doi-asserted-by":"crossref","unstructured":"Braz, L., Fregnan, E., \u00c7alikli, G., Bacchelli, A.: Why Don\u2019t Developers Detect Improper Input Validation?\u2018; DROP TABLE Papers;--. In 2021 IEEE\/ACM 43rd International Conference on Software Engineering (ICSE) (pp. 499\u2013511). IEEE. (2021), May","DOI":"10.1109\/ICSE43902.2021.00054"},{"key":"1061_CR50","doi-asserted-by":"crossref","unstructured":"Baset, A.Z., Denning, T.: Ide plugins for detecting input-validation vulnerabilities. In: 2017 IEEE Security and Privacy Workshops (SPW), pp. 143\u2013146. IEEE (2017, May)","DOI":"10.1109\/SPW.2017.37"},{"issue":"2","key":"1061_CR51","doi-asserted-by":"publisher","first-page":"36","DOI":"10.1007\/s10458-021-09522-w","volume":"35","author":"M Guo","year":"2021","unstructured":"Guo, M., Wang, G., Hata, H., Babar, M.A.: Revenue maximizing markets for zero-day exploits. Auton. Agent. Multi-Agent Syst. 35(2), 36 (2021)","journal-title":"Auton. Agent. Multi-Agent Syst."},{"issue":"2","key":"1061_CR52","doi-asserted-by":"publisher","first-page":"313","DOI":"10.1080\/07421222.2020.1759339","volume":"37","author":"RO Briggs","year":"2020","unstructured":"Briggs, R.O., Nunamaker, J.F.: The growing complexity of enterprise software. J. Manage. Inform. Syst. 37(2), 313\u2013315 (2020)","journal-title":"J. Manage. Inform. Syst."},{"key":"1061_CR53","unstructured":"CERT: Vulnerability Disclosure Policy. (2023). Retrieved from: https:\/\/vuls.cert.org\/confluence\/display\/Wiki\/Vulnerability+Disclosure+Policy"},{"key":"1061_CR54","unstructured":"Schl\u00e4pfer, P.: Reviewing 2023\u2019s High Impact Zero-days against Office and Chrome. (2023). Retrieved from: https:\/\/threatresearch.ext.hp.com\/productivity-software-in-the-crosshairs-reviewing-2023-zero-days\/"},{"key":"1061_CR55","unstructured":"Householder, A.D., Wassermann, G., Manion, A., King, C.: The CERT Guide to Coordinated Vulnerability Disclosure. Software Engineering Institute (Carnegie Mellon University). (2017). Retrieved from https:\/\/kilthub.cmu.edu\/articles\/report\/CERT_Guide_to_Coordinated_Vulnerability_Disclosure\/12367340\/files\/22791281.pdf"},{"issue":"4","key":"1061_CR56","doi-asserted-by":"publisher","first-page":"101693","DOI":"10.1016\/j.jsis.2021.101693","volume":"30","author":"G Dhillon","year":"2021","unstructured":"Dhillon, G., Smith, K., Dissanayaka, I.: Information systems security research agenda: Exploring the gap between research and practice. J. Strateg. Inf. Syst. 30(4), 101693 (2021)","journal-title":"J. Strateg. Inf. Syst."},{"key":"1061_CR57","doi-asserted-by":"publisher","first-page":"148315","DOI":"10.1109\/ACCESS.2020.3015551","volume":"8","author":"W Wang","year":"2020","unstructured":"Wang, W., Shi, F., Zhang, M., Xu, C., Zheng, J.: A vulnerability risk assessment method based on heterogeneous information network. IEEE Access. 8, 148315\u2013148330 (2020)","journal-title":"IEEE Access."},{"issue":"1","key":"1061_CR58","doi-asserted-by":"publisher","first-page":"183","DOI":"10.1111\/risa.12891","volume":"40","author":"AA Ganin","year":"2020","unstructured":"Ganin, A.A., Quach, P., Panwar, M., Collier, Z.A., Keisler, J.M., Marchese, D., Linkov, I.: Multicriteria decision framework for cybersecurity risk assessment and management. Risk Anal. 40(1), 183\u2013199 (2020)","journal-title":"Risk Anal."},{"issue":"1","key":"1061_CR59","doi-asserted-by":"publisher","first-page":"tyaa007","DOI":"10.1093\/cybsec\/tyaa007","volume":"6","author":"C Weir","year":"2020","unstructured":"Weir, C., Rashid, A., Noble, J.: Challenging software developers: Dialectic as a foundation for security assurance techniques. J. Cybersecur. 6(1), tyaa007 (2020)","journal-title":"J. Cybersecur."},{"key":"1061_CR60","doi-asserted-by":"publisher","first-page":"102744","DOI":"10.1016\/j.cose.2022.102744","volume":"118","author":"IA T\u00f8ndel","year":"2022","unstructured":"T\u00f8ndel, I.A., Cruzes, D.S., Jaatun, M.G., Sindre, G.: Influencing the security prioritisation of an agile software development project. Computers Secur. 118, 102744 (2022)","journal-title":"Computers Secur."},{"key":"1061_CR61","doi-asserted-by":"publisher","first-page":"103849","DOI":"10.1016\/j.cose.2024.103849","volume":"142","author":"M Cen","year":"2024","unstructured":"Cen, M., Deng, X., Jiang, F., Doss, R.: Zero-Ran Sniff: A zero-day ransomware early detection method based on zero-shot learning. Computers Secur. 142, 103849 (2024)","journal-title":"Computers Secur."},{"issue":"8","key":"1061_CR62","doi-asserted-by":"publisher","first-page":"1975","DOI":"10.1109\/TIFS.2018.2890808","volume":"14","author":"N Moustafa","year":"2019","unstructured":"Moustafa, N., Choo, K.K.R., Radwan, I., Camtepe, S.: Outlier dirichlet mixture mechanism: Adversarial statistical learning for anomaly detection in the fog. IEEE Trans. Inf. Forensics Secur. 14(8), 1975\u20131987 (2019)","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"1061_CR63","doi-asserted-by":"publisher","first-page":"4691","DOI":"10.1109\/TIFS.2021.3113512","volume":"16","author":"Z Hu","year":"2021","unstructured":"Hu, Z., Chen, P., Zhu, M., Liu, P.: A co-design adaptive defense scheme with bounded security damages against heartbleed-like attacks. IEEE Trans. Inf. Forensics Secur. 16, 4691\u20134704 (2021)","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"issue":"1","key":"1061_CR64","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1186\/s42400-019-0038-7","volume":"2","author":"A Khraisat","year":"2019","unstructured":"Khraisat, A., Gondal, I., Vamplew, P., Kamruzzaman, J.: Survey of intrusion detection systems: Techniques, datasets and challenges. Cybersecurity. 2(1), 1\u201322 (2019)","journal-title":"Cybersecurity"},{"key":"1061_CR65","doi-asserted-by":"publisher","first-page":"100843","DOI":"10.1016\/j.elerap.2019.100843","volume":"35","author":"N Feng","year":"2019","unstructured":"Feng, N., Wang, M., Li, M., Li, D.: Effect of security investment strategy on the business value of managed security service providers. Electron. Commer. Res. Appl. 35, 100843 (2019)","journal-title":"Electron. Commer. Res. Appl."},{"key":"1061_CR66","unstructured":"Costante, E.: An Insider\u2019s Account of Disclosing Vulnerabilities. (2021). Retrieved from: https:\/\/www.darkreading.com\/vulnerabilities-threats\/an-insider-s-account-of-disclosing-vulnerabilities"}],"container-title":["International Journal of Information Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-025-01061-9.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10207-025-01061-9\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-025-01061-9.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,21]],"date-time":"2025-06-21T10:11:17Z","timestamp":1750500677000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10207-025-01061-9"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,5,20]]},"references-count":66,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2025,6]]}},"alternative-id":["1061"],"URL":"https:\/\/doi.org\/10.1007\/s10207-025-01061-9","relation":{},"ISSN":["1615-5262","1615-5270"],"issn-type":[{"value":"1615-5262","type":"print"},{"value":"1615-5270","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,5,20]]},"assertion":[{"value":"20 May 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare no competing interests.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing interests"}}],"article-number":"133"}}