{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,25]],"date-time":"2026-02-25T17:53:51Z","timestamp":1772042031631,"version":"3.50.1"},"reference-count":30,"publisher":"IEEE","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2009,10]]},"DOI":"10.1109\/esem.2009.5314230","type":"proceedings-article","created":{"date-parts":[[2009,11,16]],"date-time":"2009-11-16T23:27:02Z","timestamp":1258414022000},"page":"535-544","source":"Crossref","is-referenced-by-count":81,"title":["Improving CVSS-based vulnerability prioritization and response with context information"],"prefix":"10.1109","author":[{"given":"Christian","family":"Fruhwirth","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Tomi","family":"Mannisto","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"263","reference":[{"key":"19","article-title":"std","year":"2005"},{"key":"17","doi-asserted-by":"publisher","DOI":"10.1109\/EEE.2005.86"},{"key":"18","article-title":"the effect of information security incidents on corporate values in the japanese stock market","author":"ishiguro","year":"2006","journal-title":"International Workshop on the Economics of Securing the Information Infrastructure (WESII)"},{"key":"15","doi-asserted-by":"publisher","DOI":"10.1145\/581271.581274"},{"key":"16","doi-asserted-by":"crossref","first-page":"75","DOI":"10.2307\/25148625","article-title":"design science in information systems research","volume":"28","author":"hevner","year":"2004","journal-title":"Management Information Systems Quarterly"},{"key":"13","doi-asserted-by":"publisher","DOI":"10.1145\/1162666.1162671"},{"key":"14","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-02152-7_28"},{"key":"11","year":"0","journal-title":"Information Systems Audit and Control Association"},{"key":"12","doi-asserted-by":"publisher","DOI":"10.1016\/j.istr.2005.09.005"},{"key":"21","doi-asserted-by":"publisher","DOI":"10.1016\/j.comcom.2007.03.007"},{"key":"20","year":"2007","journal-title":"The Open Guide ITIL Incident Management"},{"key":"22","article-title":"a complete guide to the common vulnerability scoring system version 2.0","author":"mell","year":"2007","journal-title":"FIRST-Forum of Incident Response and Security Teams"},{"key":"23","doi-asserted-by":"publisher","DOI":"10.1145\/1083091.1083099"},{"key":"24","year":"0"},{"key":"25","doi-asserted-by":"publisher","DOI":"10.1109\/MS.2008.4"},{"key":"26","doi-asserted-by":"publisher","DOI":"10.1109\/HICSS.2004.1265566"},{"key":"27","first-page":"67","author":"rieke","year":"2006","journal-title":"Modelling and Analysing Network Security Policies in a Given Vulnerability Setting"},{"key":"28","first-page":"45","article-title":"return on security investment (rosi)-a practical quantitative model","volume":"38","author":"sonnenreich","year":"2006","journal-title":"Journal of Research and Practice in Information Technology"},{"key":"29","doi-asserted-by":"publisher","DOI":"10.1109\/ICIMP.2008.34"},{"key":"3","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2001.991552"},{"key":"2","doi-asserted-by":"crossref","first-page":"281","DOI":"10.1007\/11535706_21","article-title":"security vulnerabilities in software systems: a quantitative perspective","volume":"3654","author":"alhazmi","year":"2005","journal-title":"Lecture Notes in Computer Science"},{"key":"10","doi-asserted-by":"publisher","DOI":"10.1109\/HICSS.2007.601"},{"key":"1","doi-asserted-by":"publisher","DOI":"10.1109\/MWSCAS.2003.1562323"},{"key":"30","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2007.70712"},{"key":"7","doi-asserted-by":"publisher","DOI":"10.1109\/BDIM.2006.1649207"},{"key":"6","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijinfomgt.2008.02.002"},{"key":"5","doi-asserted-by":"crossref","first-page":"99","DOI":"10.1016\/j.cose.2005.02.002","article-title":"information security governance: cobit or iso 17799 or both?","volume":"24","author":"basie","year":"2005","journal-title":"Computers & Security"},{"key":"4","doi-asserted-by":"publisher","DOI":"10.1126\/science.1130992"},{"key":"9","doi-asserted-by":"publisher","DOI":"10.1109\/ICSECOMPANION.2007.69"},{"key":"8","doi-asserted-by":"publisher","DOI":"10.1145\/1005817.1005828"}],"event":{"name":"2009 3rd International Symposium on Empirical Software Engineering and Measurement (ESEM)","location":"Lake Buena Vista, FL, USA","start":{"date-parts":[[2009,10,15]]},"end":{"date-parts":[[2009,10,16]]}},"container-title":["2009 3rd International Symposium on Empirical Software Engineering and Measurement"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx5\/5306516\/5314212\/05314230.pdf?arnumber=5314230","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,23]],"date-time":"2019-05-23T22:09:41Z","timestamp":1558649381000},"score":1,"resource":{"primary":{"URL":"http:\/\/ieeexplore.ieee.org\/document\/5314230\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2009,10]]},"references-count":30,"URL":"https:\/\/doi.org\/10.1109\/esem.2009.5314230","relation":{},"subject":[],"published":{"date-parts":[[2009,10]]}}}