{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,30]],"date-time":"2026-04-30T08:11:05Z","timestamp":1777536665548,"version":"3.51.4"},"reference-count":22,"publisher":"Springer Science and Business Media LLC","issue":"3","license":[{"start":{"date-parts":[[2017,4,26]],"date-time":"2017-04-26T00:00:00Z","timestamp":1493164800000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"funder":[{"name":"the Natural Science Foundation of Anhui Province","award":["1608085MF141"],"award-info":[{"award-number":["1608085MF141"]}]},{"name":"the Fundamental Research Funds for the Central Universities","award":["J2014HGBZ0131"],"award-info":[{"award-number":["J2014HGBZ0131"]}]},{"name":"the Humanity and Social Science Key Foundation of Anhui Province","award":["SK2015A578"],"award-info":[{"award-number":["SK2015A578"]}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Appl Intell"],"published-print":{"date-parts":[[2017,10]]},"DOI":"10.1007\/s10489-017-0925-0","type":"journal-article","created":{"date-parts":[[2017,4,26]],"date-time":"2017-04-26T07:03:29Z","timestamp":1493190209000},"page":"828-836","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":13,"title":["Vulnerability severity prediction and risk metric modeling for software"],"prefix":"10.1007","volume":"47","author":[{"given":"Xiaoling","family":"Zhu","sequence":"first","affiliation":[]},{"given":"Chenglong","family":"Cao","sequence":"additional","affiliation":[]},{"given":"Jing","family":"Zhang","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2017,4,26]]},"reference":[{"key":"925_CR1","doi-asserted-by":"crossref","first-page":"219","DOI":"10.1016\/j.cose.2006.10.002","volume":"26","author":"OH Alhazmi","year":"2007","unstructured":"Alhazmi O H, Malaiya Y K, Ray I (2007) Measuring, analyzing and predicting security vulnerabilities in software system. Comput Secur 26:219\u2013228","journal-title":"Comput Secur"},{"key":"925_CR2","doi-asserted-by":"crossref","first-page":"395","DOI":"10.1109\/TR.2013.2257052","volume":"62","author":"S Rahimi","year":"2013","unstructured":"Rahimi S, Zargham M (2013) Vulnerability scrying method for software vulnerability discovery prediction without a vulnerability database. IEEE Trans Reliab 62:395\u2013407","journal-title":"IEEE Trans Reliab"},{"key":"925_CR3","first-page":"1279","volume":"48","author":"CJ Nie","year":"2011","unstructured":"Nie C J, Zhao X F, Chen K, Han Z Q (2011) An software vulnerability number prediction model based on micro-parameters. J Comput Res Dev 48:1279\u20131287","journal-title":"J Comput Res Dev"},{"key":"925_CR4","unstructured":"Okamura H, Etani Y, Dohi T (2010) A multi-factor software reliability model based on logistic regression IEEE 21st international symposium on software reliability engineering. IEEE, pp 31\u201340"},{"key":"925_CR5","doi-asserted-by":"crossref","first-page":"14","DOI":"10.1109\/MSP.2005.17","volume":"3","author":"E Rescorla","year":"2005","unstructured":"Rescorla E (2005) Is finding security holes a good idea?. IEEE Secur Privacy 3:14\u201319","journal-title":"IEEE Secur Privacy"},{"key":"925_CR6","unstructured":"Alhazmi O, Malaiya Y (2006) Prediction capabilities of vulnerability discovery models Proceedings of the RAMS 06, annual reliability and maintainability symposium. IEEE, pp 86\u201391"},{"key":"925_CR7","first-page":"2367","volume":"21","author":"K Chen","year":"2010","unstructured":"Chen K, Feng D G, Su P R, Nie C J, Zhang X F (2010) Multi-cycle vulnerability discovery model for prediction. J Softw 21:2367\u2013 2375","journal-title":"J Softw"},{"key":"925_CR8","doi-asserted-by":"crossref","first-page":"1445","DOI":"10.1002\/qre.1567","volume":"30","author":"H Joh","year":"2014","unstructured":"Joh H, Malaiya Y K (2014) Modeling skewness in vulnerability discovery. Qual Reliab Eng Int 30:1445\u20131459","journal-title":"Qual Reliab Eng Int"},{"key":"925_CR9","doi-asserted-by":"crossref","first-page":"993","DOI":"10.1109\/TSE.2014.2340398","volume":"40","author":"R Scandariato","year":"2014","unstructured":"Scandariato R, Walden J, Hovsepyan A, Joosen W (2014) Predicting vulnerable software components via text mining. IEEE Trans Softw Eng 40:993\u20131006","journal-title":"IEEE Trans Softw Eng"},{"issue":"Z1","key":"925_CR10","first-page":"79","volume":"33","author":"QX Liu","year":"2012","unstructured":"Liu Q X, Zhang C B, Zhang Y Q, Zhang B F (2012) Research on key technology of vulnerability threat classification. J Commun 33(Z1):79\u201387","journal-title":"J Commun"},{"key":"925_CR11","first-page":"1","volume-title":"FIRST-Forum of Incident Response and Security Teams","author":"M Peter","year":"2007","unstructured":"Peter M, Karen S, Sasha R (2007) A complete guide to the common vulnerability scoring system Version 2.0 FIRST-Forum of Incident Response and Security Teams, pp 1\u201323"},{"key":"925_CR12","doi-asserted-by":"crossref","first-page":"561","DOI":"10.3233\/JCS-130475","volume":"21","author":"J Homer","year":"2013","unstructured":"Homer J, Zhang S, Ou X, Schmidt D, Du Y, Rajagopalan S R, Singhal A (2013) Aggregating vulnerability metrics in enterprise networks using attack graphs. J Comput Secur 21:561\u2013597","journal-title":"J Comput Secur"},{"key":"925_CR13","first-page":"111","volume":"48","author":"N Gao","year":"2016","unstructured":"Gao N, Gao L, He Y Y, Lei Y, Gao Q (2016) Dynamic security risk assessment model based on bayesian attack graph. J Sichuan Univ 48:111\u2013118","journal-title":"J Sichuan Univ"},{"key":"925_CR14","first-page":"2056","volume":"52","author":"CG Ma","year":"2015","unstructured":"Ma CG, Wang CH, Zhang DH, Li YT (2015) A dynamic network risk assessment model based on attacker\u2019s inclination. J Comput Res Dev 52:2056\u20132068","journal-title":"J Comput Res Dev"},{"key":"925_CR15","unstructured":"Hammons K (2014) Vulnerability management is not simple. \n                        www.issa.org\/resource\/resmgr\/journalpdfs\/feature0214.pdf"},{"key":"925_CR16","first-page":"51","volume":"28","author":"DM Zhao","year":"2007","unstructured":"Zhao D M, Ma J F, Wang Y S (2007) Model of fuzzy risk assessment of the information system. J Commun 28:51\u201356,64","journal-title":"J Commun"},{"key":"925_CR17","first-page":"2400","volume":"32","author":"XX Luo","year":"2015","unstructured":"Luo X X, Tang Z Y, Zhao Y J (2015) Dynamic software reliability assessment based on Markov chain. Appl Res Comput 32:2400\u20132405","journal-title":"Appl Res Comput"},{"key":"925_CR18","unstructured":"China National Vulnerability Database of Information Security. \n                        http:\/\/www.cnnvd.org.cn"},{"key":"925_CR19","first-page":"68","volume-title":"Application of basic and logarithmic poisson execution time models in software reliability measurement. Software Reliability Modeling and Identification","author":"JD Musa","year":"1988","unstructured":"Musa J D, Okumoto K (1988) Application of basic and logarithmic poisson execution time models in software reliability measurement. Software Reliability Modeling and Identification. Springer, Berlin Heidelberg, pp 68\u2013100"},{"key":"925_CR20","doi-asserted-by":"crossref","first-page":"206","DOI":"10.1109\/TR.1979.5220566","volume":"28","author":"AL Goel","year":"1979","unstructured":"Goel A L, Okumoto K (1979) Time-dependent error detection rate model for software reliability and other performance measures. IEEE Trans Reliab 28:206\u2013211","journal-title":"IEEE Trans Reliab"},{"key":"925_CR21","first-page":"193","volume-title":"Software reliability engineering","author":"JD Musa","year":"1999","unstructured":"Musa J D, Iannino A, Okumoto K (1999) Software reliability engineering. McGraw-Hill, New York, USA, pp 193\u2013223"},{"key":"925_CR22","doi-asserted-by":"crossref","first-page":"942","DOI":"10.3724\/SP.J.1001.2010.03539","volume":"21","author":"JY Xie","year":"2010","unstructured":"Xie J Y, AN J X, Zhu J H (2010) NHPP Software Reliability growth model considering imperfect debugging. J Softw 21:942\u2013949","journal-title":"J Softw"}],"container-title":["Applied Intelligence"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s10489-017-0925-0\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10489-017-0925-0.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10489-017-0925-0.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2017,9,7]],"date-time":"2017-09-07T04:46:56Z","timestamp":1504759616000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s10489-017-0925-0"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017,4,26]]},"references-count":22,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2017,10]]}},"alternative-id":["925"],"URL":"https:\/\/doi.org\/10.1007\/s10489-017-0925-0","relation":{},"ISSN":["0924-669X","1573-7497"],"issn-type":[{"value":"0924-669X","type":"print"},{"value":"1573-7497","type":"electronic"}],"subject":[],"published":{"date-parts":[[2017,4,26]]}}}