{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,12]],"date-time":"2026-03-12T14:29:20Z","timestamp":1773325760315,"version":"3.50.1"},"reference-count":80,"publisher":"Elsevier BV","license":[{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/tdm\/userlicense\/1.0\/"},{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/legal\/tdmrep-license"},{"start":{"date-parts":[[2025,10,21]],"date-time":"2025-10-21T00:00:00Z","timestamp":1761004800000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100002347","name":"Federal Ministry of Education and Research Bonn Office","doi-asserted-by":"publisher","award":["16KIS1113"],"award-info":[{"award-number":["16KIS1113"]}],"id":[{"id":"10.13039\/501100002347","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001656","name":"Helmholtz-Gemeinschaft","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100001656","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100009318","name":"Helmholtz Association","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100009318","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["elsevier.com","sciencedirect.com"],"crossmark-restriction":true},"short-container-title":["Computers & Security"],"published-print":{"date-parts":[[2026,1]]},"DOI":"10.1016\/j.cose.2025.104682","type":"journal-article","created":{"date-parts":[[2025,10,21]],"date-time":"2025-10-21T15:04:32Z","timestamp":1761059072000},"page":"104682","update-policy":"https:\/\/doi.org\/10.1016\/elsevier_cm_policy","source":"Crossref","is-referenced-by-count":0,"special_numbering":"C","title":["\u201cI believe it\u2019s incredibly difficult to fight against this flood of spam\u201d: Towards enhancing strategies for creating effective vulnerability notifications"],"prefix":"10.1016","volume":"160","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-6964-589X","authenticated-orcid":false,"given":"Anne","family":"Hennig","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8140-8953","authenticated-orcid":false,"given":"Maxime","family":"Veit","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Leoni","family":"Schmidt-Enke","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Fabian","family":"Neusser","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7374-3054","authenticated-orcid":false,"given":"Dominik","family":"Herrmann","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6267-4874","authenticated-orcid":false,"given":"Peter","family":"Mayer","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"78","reference":[{"key":"10.1016\/j.cose.2025.104682_b1","doi-asserted-by":"crossref","first-page":"179","DOI":"10.1016\/0749-5978(91)90020-T","article-title":"The theory of planned behavior","volume":"2","author":"Ajzen","year":"1991","journal-title":"Organ. Behav. Hum. Decis. Process."},{"key":"10.1016\/j.cose.2025.104682_b2","doi-asserted-by":"crossref","first-page":"665","DOI":"10.1111\/j.1559-1816.2002.tb00236.x","article-title":"Perceived behavioral control, self-efficacy, locus of control, and the theory of planned behavior","volume":"4","author":"Ajzen","year":"2002","journal-title":"J. Appl. Soc. Psychol."},{"key":"10.1016\/j.cose.2025.104682_b3","doi-asserted-by":"crossref","first-page":"123","DOI":"10.1007\/s10257-022-00575-2","article-title":"Moving beyond cyber security awareness and training to engendering security knowledge sharing","volume":"21","author":"Alahmari","year":"2023","journal-title":"Inf. Syst. E Bus. Manag."},{"key":"10.1016\/j.cose.2025.104682_b4","first-page":"1","article-title":"Investigating effectiveness of informing users about breach status of their email addresses during website registration","author":"Albayram","year":"2024","journal-title":"Int. J. Hum. Comput. Interact."},{"key":"10.1016\/j.cose.2025.104682_b5","doi-asserted-by":"crossref","DOI":"10.2139\/ssrn.3259563","article-title":"Encouraging password manager adoption by meeting adopter self-determination needs (Extended version)","author":"Alkaldi","year":"2018","journal-title":"SSRN Electron. J."},{"key":"10.1016\/j.cose.2025.104682_b6","series-title":"Cyber security awareness campaigns: Why do they fail to change behaviour?","first-page":"118","author":"Bada","year":"2015"},{"key":"10.1016\/j.cose.2025.104682_b7","series-title":"WordPress infected with the pharma hack? How to detect, clean and secure your site from it - DEV community","author":"BitofWP","year":"2019"},{"issue":"4","key":"10.1016\/j.cose.2025.104682_b8","doi-asserted-by":"crossref","first-page":"552","DOI":"10.7334\/psicothema2016.383","article-title":"Non-normal data: Is ANOVA still a valid option?","volume":"29","author":"Blanca","year":"2017","journal-title":"Psicothema"},{"key":"10.1016\/j.cose.2025.104682_b9","series-title":"Proceedings of the 17th Symposium on Usable Privacy and Security","first-page":"493","article-title":"\u201cThe thing doesn\u2019t have a name\u201d: Learning from emergent real-world interventions in smart home security","author":"Bouwmeester","year":"2021"},{"issue":"3","key":"10.1016\/j.cose.2025.104682_b10","doi-asserted-by":"crossref","first-page":"523","DOI":"10.2307\/25750690","article-title":"Information security policy compliance: An empirical study of rationality-based beliefs and information security awareness","volume":"34","author":"Bulgurcu","year":"2010","journal-title":"MIS Q."},{"key":"10.1016\/j.cose.2025.104682_b11","series-title":"Kommunikationswissenschaft","author":"Burkart","year":"2021"},{"issue":"2","key":"10.1016\/j.cose.2025.104682_b12","doi-asserted-by":"crossref","first-page":"1778","DOI":"10.1109\/JSYST.2015.2487684","article-title":"Cyber stealth attacks in critical information infrastructures","volume":"12","author":"Cazorla","year":"2018","journal-title":"IEEE Syst. J."},{"key":"10.1016\/j.cose.2025.104682_b13","series-title":"Fourteenth Symposium on Usable Privacy and Security","first-page":"251","article-title":"Let me out! evaluating the effectiveness of quarantining compromised users in walled gardens","author":"\u00c7etin","year":"2018"},{"key":"10.1016\/j.cose.2025.104682_b14","series-title":"Proceedings 2019 Network and Distributed System Security Symposium","article-title":"Cleaning up the internet of evil things: Real-world evidence on ISP and consumer efforts to remove mirai","author":"\u00c7etin","year":"2019"},{"key":"10.1016\/j.cose.2025.104682_b15","first-page":"326","article-title":"Tell me you fixed it: Evaluating vulnerability notifications via quarantine network","volume":"Vol. 00","author":"\u00c7etin","year":"2019"},{"key":"10.1016\/j.cose.2025.104682_b16","unstructured":"\u00c7etin, F.O., Ganan, C. Hernandez, Korczynski, M.T., van Eeten, M.J.G., 2017. Make notifications great again: learning how to notify in the age of large-scale vulnerability scanning. WEIS 2017, In: 16th Workshop on the Economics of Information Security, San Diego, pp. 1\u201323, http:\/\/resolver.tudelft.nl\/uuid:621f4a4f-e5d9-4f04-abc4-46252f9db3db."},{"issue":"1","key":"10.1016\/j.cose.2025.104682_b17","doi-asserted-by":"crossref","first-page":"83","DOI":"10.1093\/cybsec\/tyw005","article-title":"Understanding the role of sender reputation in abuse reporting and cleanup","volume":"2","author":"\u00c7etin","year":"2016","journal-title":"J. Cybersecur."},{"issue":"2","key":"10.1016\/j.cose.2025.104682_b18","doi-asserted-by":"crossref","first-page":"525","DOI":"10.25300\/MISQ\/2019\/15117","article-title":"Seeing the forest and the trees: a meta-analysis of the antecedents to information security policy compliance","volume":"43","author":"Cram","year":"2019","journal-title":"MIS Q."},{"issue":"CSCW2","key":"10.1016\/j.cose.2025.104682_b19","doi-asserted-by":"crossref","first-page":"31","DOI":"10.1145\/3555090","article-title":"\u201cCyber security is a dark art\u201d\u2019: The CISO as soothsayer","volume":"6","author":"Da Silva","year":"2022","journal-title":"Proc. ACM Hum. Comput. Interact."},{"key":"10.1016\/j.cose.2025.104682_b20","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1016\/j.cose.2017.03.010","article-title":"Applications of social network analysis in behavioural information security research: Concepts and empirical analysis","volume":"68","author":"Dang-Pham","year":"2017","journal-title":"Comput. Secur."},{"key":"10.1016\/j.cose.2025.104682_b21","series-title":"Proceedings of the 22nd Annual Conference on Information Technology Education","first-page":"35","article-title":"Scaring people is not enough: An examination of fear appeals within the context of promoting good password hygiene","author":"Dupuis","year":"2021"},{"issue":"3","key":"10.1016\/j.cose.2025.104682_b22","doi-asserted-by":"crossref","first-page":"265","DOI":"10.1007\/s10676-020-09560-0","article-title":"Scoping the ethical principles of cybersecurity fear appeals","volume":"23","author":"Dupuis","year":"2021","journal-title":"Ethics Inf. Technol."},{"key":"10.1016\/j.cose.2025.104682_b23","series-title":"Proceedings of the 2014 Conference on Internet Measurement Conference, IMC \u201914","first-page":"475","article-title":"The matter of heartbleed","author":"Durumeric","year":"2014"},{"key":"10.1016\/j.cose.2025.104682_b24","series-title":"Proceedings of the 2022 Workshop on Measurements, Attacks, and Defenses for the Web","article-title":"Characterizing the adoption of security.txt files and their applications to vulnerability notification","author":"Findlay","year":"2022"},{"key":"10.1016\/j.cose.2025.104682_b25","first-page":"12","article-title":"Understanding the influences on information security behaviour","volume":"2012","author":"Furnell","year":"2012","journal-title":"Comput. Fraud Secur."},{"key":"10.1016\/j.cose.2025.104682_b26","series-title":"2017 IEEE Security and Privacy Workshops","first-page":"199","article-title":"Security implications of publicly reachable building automation systems","author":"Gasser","year":"2017"},{"key":"10.1016\/j.cose.2025.104682_b27","series-title":"Proceedings of the 21th Symposium on Usable Privacy and Security","article-title":"Unpacking the social and emotional dimensions of security and privacy user engagement","author":"Gerber","year":"2025"},{"issue":"3","key":"10.1016\/j.cose.2025.104682_b28","doi-asserted-by":"crossref","first-page":"237","DOI":"10.3102\/00346543042003237","article-title":"Consequences of failure to meet assumptions underlying the fixed effects analyses of variance and covariance","volume":"42","author":"Glass","year":"1972","journal-title":"Rev. Educ. Res."},{"key":"10.1016\/j.cose.2025.104682_b29","series-title":"Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security","first-page":"1549","article-title":"\u201dWhat was that site doing with my facebook password?\u201d: Designing password-reuse notifications","author":"Golla","year":"2018"},{"key":"10.1016\/j.cose.2025.104682_b30","series-title":"Rectifying google rankings: A primer on Japanese keyword hack recovery","author":"Goodchild","year":"2024"},{"key":"10.1016\/j.cose.2025.104682_b31","series-title":"Website redirects im umfeld von fake webshops und SEO fraud","author":"Halder","year":"2025"},{"issue":"4","key":"10.1016\/j.cose.2025.104682_b32","doi-asserted-by":"crossref","first-page":"315","DOI":"10.3102\/10769986017004315","article-title":"Summarizing Monte Carlo results in methodological research: The one- and two-factor fixed effects ANOVA cases","volume":"17","author":"Harwell","year":"1992","journal-title":"J. Educ. Stat."},{"key":"10.1016\/j.cose.2025.104682_b33","series-title":"Human Aspects of Information Security and Assurance","first-page":"218","article-title":"\u201cYour cookie disclaimer is not in line with the ideas of the gdpr. Why?\u201d","volume":"vol. 658","author":"Hennig","year":"2022"},{"key":"10.1016\/j.cose.2025.104682_b34","series-title":"Extended Abstracts of the 2022 CHI Conference on Human Factors in Computing Systems (New Orleans, LA, USA)","first-page":"8","article-title":"Standing out among the daily spam: How to catch website owners\u2019 attention by means of vulnerability notifications","author":"Hennig","year":"2022"},{"key":"10.1016\/j.cose.2025.104682_b35","series-title":"Proceedings of the 2023 European Symposium on Usable Security (Copenhagen, Denmark)","first-page":"312","article-title":"Vision: What the hack is going on? A first look at how website owners became aware that their website was hacked","author":"Hennig","year":"2023"},{"key":"10.1016\/j.cose.2025.104682_b36","series-title":"Eighteenth Symposium on Usable Privacy and Security","first-page":"155","article-title":"Users\u2019 perceptions of chrome compromised credential notification","author":"Huang","year":"2022"},{"key":"10.1016\/j.cose.2025.104682_b37","series-title":"23rd USENIX Security Symposium","first-page":"111","article-title":"Exit from hell? Reducing the impact of amplification DDoS attacks","author":"K\u00fchrer","year":"2014"},{"key":"10.1016\/j.cose.2025.104682_b38","doi-asserted-by":"crossref","first-page":"72","DOI":"10.1007\/978-3-030-03302-6_7","article-title":"A framework to detect compromised websites using link structure anomalies","author":"Kumar","year":"2019","journal-title":"Adv. Intell. Syst. Comput."},{"key":"10.1016\/j.cose.2025.104682_b39","series-title":"25th USENIX Security Symposium","first-page":"1033","article-title":"You\u2019ve got vulnerability: Exploring effective vulnerability notifications","author":"Li","year":"2016"},{"key":"10.1016\/j.cose.2025.104682_b40","series-title":"Proceedings of the 25th International Conference on World Wide Web","first-page":"1009","article-title":"Remedying web hijacking: Notification effectiveness and webmaster comprehension","author":"Li","year":"2016"},{"key":"10.1016\/j.cose.2025.104682_b41","series-title":"Fifteenth Symposium on Usable Privacy and Security","first-page":"273","article-title":"Keepers of the machines: Examining how system administrators manage software updates","author":"Li","year":"2019"},{"issue":"4","key":"10.1016\/j.cose.2025.104682_b42","first-page":"579","article-title":"Consequences of assumption violations revisited: A quantitative review of alternatives to the one-way analysis of variance F test","volume":"66","author":"Lix","year":"1996","journal-title":"Rev. Educ. Res."},{"key":"10.1016\/j.cose.2025.104682_b43","first-page":"2361","article-title":"Deployment of source address validation by network operators: A randomized control trial","volume":"00","author":"Lone","year":"2022"},{"key":"10.1016\/j.cose.2025.104682_b44","series-title":"The 16th International Conference on Availability, Reliability and Security","first-page":"1","article-title":"Snail mail beats email any day: On effective operator security notifications in the internet","author":"Maa\u00df","year":"2021"},{"key":"10.1016\/j.cose.2025.104682_b45","series-title":"The 16th International Conference on Availability, Reliability and Security","first-page":"1","article-title":"Best practices for notification studies for security and privacy issues on the internet","author":"Maa\u00df","year":"2021"},{"key":"10.1016\/j.cose.2025.104682_b46","series-title":"30th USENIX Security Symposium","first-page":"2489","article-title":"Effective notification campaigns on the web: A matter of trust, framing, and support","author":"Maa\u00df","year":"2021"},{"key":"10.1016\/j.cose.2025.104682_b47","series-title":"Spamdexing: What is SEO spam and how to remove it","author":"Martori","year":"2020"},{"key":"10.1016\/j.cose.2025.104682_b48","series-title":"Proceedings of the 12th International Conference on Availability, Reliability and Security (Reggio Calabria, Italy)","first-page":"10","article-title":"Reliable behavioural factors in the information security context","author":"Mayer","year":"2017"},{"key":"10.1016\/j.cose.2025.104682_b49","series-title":"30th USENIX Security Symposium","first-page":"393","article-title":"\u201dNow I\u2019m a bit angry:\u201d Individuals\u2019 awareness, perception, and responses to data breaches that affected them","author":"Mayer","year":"2021"},{"key":"10.1016\/j.cose.2025.104682_b50","series-title":"Fake-online-shops - erkennung von fake-shops auf gehackten webseiten","author":"mindUp Web & Intelligence GmbH","year":"2025"},{"key":"10.1016\/j.cose.2025.104682_b51","series-title":"Gezieltes finden gehackter webseiten","author":"mindUp Web & Intelligence GmbH","year":"2025"},{"key":"10.1016\/j.cose.2025.104682_b52","first-page":"1","article-title":"Hello, you\u2019ve been hacked: a study of victim notification preferences","author":"Muniz","year":"2024","journal-title":"J. Crime Justice"},{"key":"10.1016\/j.cose.2025.104682_b53","series-title":"2023 IEEE 22nd International Conference on Trust, Security and Privacy in Computing and Communications","first-page":"1480","article-title":"Don\u2019t get hijacked: Prevalence, mitigation, and impact of non-secure DNS dynamic updates","volume":"Vol. 00","author":"Nosyk","year":"2023"},{"key":"10.1016\/j.cose.2025.104682_b54","series-title":"The Concise Encyclopedia of Communication","article-title":"Elaboration likelihood model","author":"O\u2019Keefe","year":"2015"},{"key":"10.1016\/j.cose.2025.104682_b55","series-title":"Proceedings of the 21st ACM Internet Measurement Conference","first-page":"526","article-title":"Who you gonna call? an empirical evaluation of website security.txt deployment","author":"Poteat","year":"2021"},{"key":"10.1016\/j.cose.2025.104682_b56","series-title":"Princeton researcher apologizes for GDPR\/CCPA email study","year":"2021"},{"key":"10.1016\/j.cose.2025.104682_b57","series-title":"Princeton-radboud study on privacy law implementation","author":"Princeton University","year":"2021"},{"key":"10.1016\/j.cose.2025.104682_b58","doi-asserted-by":"crossref","first-page":"70","DOI":"10.1145\/3498891.3498896","article-title":"Shame in cyber security: Effective behavior modification tool or counterproductive foil?","author":"Renaud","year":"2021","journal-title":"New Secur. Parad. Work."},{"issue":"75","key":"10.1016\/j.cose.2025.104682_b59","article-title":"Exploring cybersecurity-related emotions and finding that they are challenging to measure","volume":"8","author":"Renaud","year":"2021","journal-title":"Humanit. Soc. Sci. Commun."},{"issue":"1","key":"10.1016\/j.cose.2025.104682_b60","doi-asserted-by":"crossref","DOI":"10.1093\/cybsec\/tyab015","article-title":"User compliance and remediation success after IoT malware notifications","volume":"7","author":"Rodr\u00edguez","year":"2021","journal-title":"J. Cybersecur."},{"key":"10.1016\/j.cose.2025.104682_b61","doi-asserted-by":"crossref","first-page":"93","DOI":"10.1080\/00223980.1975.9915803","article-title":"A protection motivation theory of fear appeals and attitude change","volume":"1","author":"Rogers","year":"1975","journal-title":"J. Psychol."},{"key":"10.1016\/j.cose.2025.104682_b62","series-title":"Eighteenth Symposium on Usable Privacy and Security","first-page":"613","article-title":"Being hacked: Understanding victims\u2019 experiences of IoT hacking","author":"Rostami","year":"2022"},{"key":"10.1016\/j.cose.2025.104682_b63","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2020.102114","article-title":"On cloaking behaviors of malicious websites","volume":"101","author":"Samarasinghe","year":"2021","journal-title":"Comput. Secur."},{"issue":"4","key":"10.1016\/j.cose.2025.104682_b64","doi-asserted-by":"crossref","first-page":"147","DOI":"10.1027\/1614-2241\/a000016","article-title":"Is it really robust? Reinvestigating the robustness of ANOVA against violations of the normal distribution assumption","volume":"6","author":"Schmider","year":"2010","journal-title":"Methodology"},{"key":"10.1016\/j.cose.2025.104682_b65","series-title":"RFC 9116: A file format to aid in security vulnerability disclosure \u2014 datatracker.ietf.org","author":"Shafranovich","year":"2022"},{"key":"10.1016\/j.cose.2025.104682_b66","series-title":"Cybersecurity statistics report 2022","author":"SiteLock","year":"2022"},{"key":"10.1016\/j.cose.2025.104682_b67","series-title":"23rd USENIX Security Symposium","first-page":"625","article-title":"Automatically detecting vulnerable websites before they turn malicious","author":"Soska","year":"2014"},{"key":"10.1016\/j.cose.2025.104682_b68","series-title":"Proceedings of the 25th Annual Symposium on Network and Distributed System Security","first-page":"1","article-title":"Didn\u2019t you hear me? - Towards more successful web vulnerability notifications","author":"Stock","year":"2018"},{"key":"10.1016\/j.cose.2025.104682_b69","series-title":"25th USENIX Security Symposium","first-page":"1015","article-title":"Hey, you have a problem: On the feasibility of large-scale web vulnerability notification","author":"Stock","year":"2016"},{"key":"10.1016\/j.cose.2025.104682_b70","series-title":"Compromised websites: An owner\u2019s perspective","first-page":"1","author":"StopBadware and Commtouch","year":"2012"},{"key":"10.1016\/j.cose.2025.104682_b71","doi-asserted-by":"crossref","first-page":"251","DOI":"10.56553\/popets-2023-0051","article-title":"How website owners face privacy issues: Thematic analysis of responses from a covert notification study reveals diverse circumstances and challenges","volume":"2023","author":"St\u00f6ver","year":"2023","journal-title":"Proc. Priv. Enhancing Technol."},{"key":"10.1016\/j.cose.2025.104682_b72","series-title":"Fix WordPress pharma hack and SEO","author":"Sundaram","year":"2022"},{"issue":"3","key":"10.1016\/j.cose.2025.104682_b73","doi-asserted-by":"crossref","first-page":"173","DOI":"10.56553\/popets-2023-0076","article-title":"Comparing large-scale privacy and security notifications","volume":"2023","author":"Utz","year":"2023","journal-title":"Proc. Priv. Enhancing Technol."},{"key":"10.1016\/j.cose.2025.104682_b74","series-title":"5th Workshop on Cyber Security Experimentation and Test, CSET \u201912, Bellevue, WA, USA, August 6, 2012","first-page":"1","article-title":"Do malware reports expedite cleanup? An experimental study","author":"Vasek","year":"2012"},{"key":"10.1016\/j.cose.2025.104682_b75","series-title":"Handbuch Medienwirkungsforschung","article-title":"Grundlagen der persuasionsforschung. Konzepte, theorien und zentrale einflussfaktoren","author":"Wirth","year":"2013"},{"key":"10.1016\/j.cose.2025.104682_b76","series-title":"On the feasibility of stealthily introducing vulnerabilities in open-source software via hypocrite commits","author":"Wu","year":"2021"},{"key":"10.1016\/j.cose.2025.104682_b77","unstructured":"Zeng, Eric, Li, Frank, Stark, Emily, Felt, Adrienne Porter, Tabriz, Parisa, 2019. Fixing HTTPS Misconfigurations at Scale: An Experiment with Security Notifications. In: The 2019 Workshop on the Economics of Information Security (2019). Boston, MA, pp. 1\u201319, https:\/\/www.semanticscholar.org\/paper\/Fixing-HTTPS-Misconfigurations-at-Scale%3A-An-with-Zeng-Li\/b22c522c6201f8545e1626deaf6ca43db52444d7."},{"key":"10.1016\/j.cose.2025.104682_b78","series-title":"GLOBECOM 2017 - 2017 IEEE Global Communications Conference","first-page":"1","article-title":"How to notify a vulnerability to the right person? Case study: In an ISP scope","author":"Zhang","year":"2017"},{"key":"10.1016\/j.cose.2025.104682_b79","series-title":"Proceedings of the 2019 CHI Conference on Human Factors in Computing Systems (Glasgow, Scotland Uk)","first-page":"1","article-title":"You \u2018might\u2019 be affected: An empirical analysis of readability and usability issues in data breach notifications","author":"Zou","year":"2019"},{"issue":"5","key":"10.1016\/j.cose.2025.104682_b80","doi-asserted-by":"crossref","first-page":"45","DOI":"10.1145\/3689432","article-title":"Encouraging users to change breached passwords using the protection motivation theory","volume":"31","author":"Zou","year":"2024","journal-title":"ACM Trans. Comput. Hum. Interact."}],"container-title":["Computers & Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S0167404825003712?httpAccept=text\/xml","content-type":"text\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S0167404825003712?httpAccept=text\/plain","content-type":"text\/plain","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2026,3,12]],"date-time":"2026-03-12T00:31:02Z","timestamp":1773275462000},"score":1,"resource":{"primary":{"URL":"https:\/\/linkinghub.elsevier.com\/retrieve\/pii\/S0167404825003712"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,1]]},"references-count":80,"alternative-id":["S0167404825003712"],"URL":"https:\/\/doi.org\/10.1016\/j.cose.2025.104682","relation":{},"ISSN":["0167-4048"],"issn-type":[{"value":"0167-4048","type":"print"}],"subject":[],"published":{"date-parts":[[2026,1]]},"assertion":[{"value":"Elsevier","name":"publisher","label":"This article is maintained by"},{"value":"\u201cI believe it\u2019s incredibly difficult to fight against this flood of spam\u201d: Towards enhancing strategies for creating effective vulnerability notifications","name":"articletitle","label":"Article Title"},{"value":"Computers & Security","name":"journaltitle","label":"Journal Title"},{"value":"https:\/\/doi.org\/10.1016\/j.cose.2025.104682","name":"articlelink","label":"CrossRef DOI link to publisher maintained version"},{"value":"article","name":"content_type","label":"Content Type"},{"value":"\u00a9 2025 The Authors. Published by Elsevier Ltd.","name":"copyright","label":"Copyright"}],"article-number":"104682"}}