{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,2]],"date-time":"2025-08-02T18:01:33Z","timestamp":1754157693497,"version":"3.41.2"},"reference-count":9,"publisher":"Emerald","issue":"2","license":[{"start":{"date-parts":[[2005,4,1]],"date-time":"2005-04-01T00:00:00Z","timestamp":1112313600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.emerald.com\/insight\/site-policies"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2005,4,1]]},"abstract":"<jats:sec><jats:title content-type=\"abstract-heading\">Purpose<\/jats:title><jats:p>This paper aims to look at unpatched software which represents a significant problem for internet\u2010based systems, with a myriad malware incidents and hacker exploits taking advantage of vulnerable targets. Unfortunately, vulnerability management is a non\u2010trivial task, and is complicated by an increasing number of vulnerabilities and the workload implications associated with handling the associated security advisories and updates.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-heading\">Design\/methodology\/approach<\/jats:title><jats:p>As a step towards addressing the problem, this paper presents an automated framework that is designed to provide a vendor\u2010independent means of vulnerability notification and rectification for system administrators.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-heading\">Findings<\/jats:title><jats:p>In the proposed framework, incoming vulnerability advisory messages may be obtained from multiple sources, and then filtered and prioritised according to the specific requirements of the target environment (as determined by the security administrator). In addition to notification management, the framework provides an automated facility for the download and deployment of any associated patches. The framework has been implemented in prototype form, with particular focus on the notification manager.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-heading\">Originality\/value<\/jats:title><jats:p>This paper presents an automated framework, providing a valuable and comprehensive solution for managing vulnerabilities in terms of notification and rectification systems.<\/jats:p><\/jats:sec>","DOI":"10.1108\/09685220510589334","type":"journal-article","created":{"date-parts":[[2005,4,26]],"date-time":"2005-04-26T02:00:06Z","timestamp":1114480806000},"page":"156-166","source":"Crossref","is-referenced-by-count":11,"title":["An automated framework for managing security vulnerabilities"],"prefix":"10.1108","volume":"13","author":[{"given":"A.","family":"Al\u2010Ayed","sequence":"first","affiliation":[]},{"given":"S.M.","family":"Furnell","sequence":"additional","affiliation":[]},{"given":"D.","family":"Zhao","sequence":"additional","affiliation":[]},{"given":"P.S.","family":"Dowland","sequence":"additional","affiliation":[]}],"member":"140","reference":[{"key":"key2022031120232901000_b1","doi-asserted-by":"crossref","unstructured":"Alayed, A., Furnell, S.M. and Barlow, I.M. (2002), \u201cAddressing internet security vulnerabilities: a benchmarking study\u201d, in Ghonaimy, M.A., El\u2010Hadidi, M.T. and Aslan, H.K. (Eds), Security in the Information Society: Visions and Perspectives, Kluwer Academic Publishers, Boston, MA, pp. 121\u201032.","DOI":"10.1007\/978-0-387-35586-3_9"},{"key":"key2022031120232901000_b2","unstructured":"CERT (2004), CERT Statistics 1988\u20102004, CERT Coordination Centre, Pittsburgh, PA, available at: www.cert.org\/stats\/cert_stats.html."},{"key":"key2022031120232901000_b3","unstructured":"eEye (2001), Retina: The Network Security Scanner, eEye\u2010Digital Security, Aliso Viejo, CA, available at: www.eeye.com\/html\/assets\/pdf\/retina_whitepaper.pdf."},{"key":"key2022031120232901000_b4","unstructured":"Forristal, J. and Shipley, G. (2001), \u201cVulnerability assessment scanners: detection result\u201d, Network Computing, 8 January, available at: www.networkcomputing.com\/1201\/1201f1b1.html."},{"key":"key2022031120232901000_b5","unstructured":"Furnell, S.M., Al\u2010Ayed, A., Barlow, I.M. and Dowland, P.S. (2002), \u201cCritical awareness \u2013 the problem of monitoring security vulnerabilities\u201d, Proceedings of European Conference on Information Warfare and Security, Brunel University, Uxbridge, 8\u20109 July, pp. 85\u201092."},{"key":"key2022031120232901000_b6","unstructured":"Goodwin, B. (2004), \u201cUsers face five years of patching pain as security flaws keep rising\u201d, Computer Weekly, 5 October, pp. 1\u20104."},{"key":"key2022031120232901000_b7","unstructured":"Microsoft Corporation (2003), \u201cMicrosoft Strategic Technology Protection Program\u201d, 2 July, available at: www.microsoft.com\/security\/mstpp.asp."},{"key":"key2022031120232901000_b8","unstructured":"SANS Institute (2004), \u201cSANS @RISK: the consensus security alert\u201d, available at: www.sans.org\/newsletters\/risk\/."},{"key":"key2022031120232901000_b9","unstructured":"Symantec (2004), \u201cSymantec internet security threat report\u201d, Volumes I\u2010VI, Symantec, September, available at: http:\/\/enterprisesecurity.symantec.com\/content.cfm?articleid=1539."}],"container-title":["Information Management &amp; Computer Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/www.emeraldinsight.com\/doi\/full-xml\/10.1108\/09685220510589334","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/09685220510589334\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/09685220510589334\/full\/html","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,25]],"date-time":"2025-07-25T00:08:53Z","timestamp":1753402133000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.emerald.com\/ics\/article\/13\/2\/156-166\/183975"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2005,4,1]]},"references-count":9,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2005,4,1]]}},"alternative-id":["10.1108\/09685220510589334"],"URL":"https:\/\/doi.org\/10.1108\/09685220510589334","relation":{},"ISSN":["0968-5227"],"issn-type":[{"type":"print","value":"0968-5227"}],"subject":[],"published":{"date-parts":[[2005,4,1]]}}}