{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,10]],"date-time":"2026-06-10T04:02:18Z","timestamp":1781064138852,"version":"3.54.1"},"reference-count":52,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"6","license":[{"start":{"date-parts":[[2022,11,1]],"date-time":"2022-11-01T00:00:00Z","timestamp":1667260800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2022,11,1]],"date-time":"2022-11-01T00:00:00Z","timestamp":1667260800000},"content-version":"am","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2022,11,1]],"date-time":"2022-11-01T00:00:00Z","timestamp":1667260800000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2022,11,1]],"date-time":"2022-11-01T00:00:00Z","timestamp":1667260800000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"name":"Global Research Lab."},{"DOI":"10.13039\/501100001321","name":"National Research Foundation","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100001321","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Information and Communication Technologies and Future Planning","award":["NRF-2016K1A1A2912757"],"award-info":[{"award-number":["NRF-2016K1A1A2912757"]}]},{"DOI":"10.13039\/501100008982","name":"National Science Foundation","doi-asserted-by":"publisher","award":["CNS-2007153"],"award-info":[{"award-number":["CNS-2007153"]}],"id":[{"id":"10.13039\/501100008982","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Commonwealth Cyber Initiative"},{"name":"UCF"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans. Dependable and Secure Comput."],"published-print":{"date-parts":[[2022,11,1]]},"DOI":"10.1109\/tdsc.2021.3125270","type":"journal-article","created":{"date-parts":[[2021,11,4]],"date-time":"2021-11-04T19:26:33Z","timestamp":1636053993000},"page":"4255-4269","source":"Crossref","is-referenced-by-count":56,"title":["Cleaning the NVD: Comprehensive Quality Assessment, Improvements, and Analyses"],"prefix":"10.1109","volume":"19","author":[{"given":"Afsah","family":"Anwar","sequence":"first","affiliation":[{"name":"Northeastern University, Boston, MA, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5032-3412","authenticated-orcid":false,"given":"Ahmed","family":"Abusnaina","sequence":"additional","affiliation":[{"name":"Department of Computer Science, University of Central Florida (UCF), Orlando, FL, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4650-7125","authenticated-orcid":false,"given":"Songqing","family":"Chen","sequence":"additional","affiliation":[{"name":"Department of Computer Science, George Mason University, Fairfax, VA, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Frank","family":"Li","sequence":"additional","affiliation":[{"name":"School of Electrical & Computer Engineering (ECE), Georgia Institute of Technology, Atlanta, GA, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3227-2505","authenticated-orcid":false,"given":"David","family":"Mohaisen","sequence":"additional","affiliation":[{"name":"Department of Computer Science, University of Central Florida (UCF), Orlando, FL, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"263","reference":[{"key":"ref39","article-title":"Securityfocus","year":"2019"},{"key":"ref38","article-title":"Security tracker","year":"2019"},{"key":"ref33","article-title":"Cwe","year":"2019"},{"key":"ref32","article-title":"CVE","year":"2019"},{"key":"ref31","article-title":"NVD","year":"2019"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2019.2895963"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-93411-2_6"},{"key":"ref36","article-title":"Common platform enumeration (CPE)","year":"2019"},{"key":"ref35","article-title":"Common vulnerability scoring system v3.0: User guide","year":"2019"},{"key":"ref34","article-title":"Vulnerability metrics","year":"2021"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2017.15"},{"key":"ref27","first-page":"1041","article-title":"Vulnerability disclosure in the age of social media: Exploiting twitter for predicting real-world exploits","author":"sabottke","year":"2015","journal-title":"Proc 24th USENIX Secur Symp"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1109\/BigData.2018.8622299"},{"key":"ref2","year":"2019"},{"key":"ref1","year":"2019"},{"key":"ref20","first-page":"1033","article-title":"You’ve got vulnerability: Exploring effective vulnerability notifications","author":"li","year":"2015","journal-title":"Proc 25th USENIX Secur Symp"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660372"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813704"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-23088-2_15"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1145\/1455770.1455780"},{"key":"ref26","first-page":"903","article-title":"From patching delays to infection symptoms: Using risk profiles for an early discovery of vulnerabilities exploited in the wild","author":"xiao","year":"2018","journal-title":"Proc 27th USENIX Secur Symp"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2018.00003"},{"key":"ref50","article-title":"The national vulnerability database (NVD) explained","author":"emmitt","year":"2021"},{"key":"ref51","article-title":"News","year":"2019"},{"key":"ref52","article-title":"Equifax, apache struts, and CVE-2017–5638 vulnerability","year":"2020"},{"key":"ref10","article-title":"WannaCry” ransomware attack losses could reach $4 billion","author":"berr","year":"2019"},{"key":"ref11","first-page":"919","article-title":"Understanding the reproducibility of crowd-reported security vulnerabilities","author":"mu","year":"2018","journal-title":"Proc 27th USENIX Secur Symp"},{"key":"ref40","article-title":"H.323. Deskphone and IP Conference Phone DHCP security update (CVE-2011–0997 and CVE-2009-0692)","year":"2019"},{"key":"ref12","first-page":"869","article-title":"Towards the detection of inconsistencies in public security vulnerability reports","author":"dong","year":"2019","journal-title":"Proc 28th USENIX Secur Symp"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1145\/2484313.2484377"},{"key":"ref14","article-title":"Json data feed changelog","year":"2019"},{"key":"ref15","article-title":"Buying into the bias: Why vulnerability statistics suck","volume":"1","author":"christey","year":"2013","journal-title":"BlackHat"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2012.6227141"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1145\/1920261.1920299"},{"key":"ref18","first-page":"93","article-title":"Milk or wine: Does software security improve with age?","author":"ozment","year":"2006","journal-title":"Proc 15th USENIX Secur Symp"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23171"},{"key":"ref4","year":"2019"},{"key":"ref3","year":"2019"},{"key":"ref6","year":"2019"},{"key":"ref5","year":"2019"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-01701-9_21"},{"key":"ref7","first-page":"137","article-title":"The common vulnerability scoring system (CVSS) generations–usefulness and deficiencies","author":"attila","year":"2016","journal-title":"Proc Információs Társadalomért Alapítvány"},{"key":"ref49","article-title":"Redscan analysis of nist NVD reveals record number of critical and high severity vulnerabilities in 2020","year":"2021"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134072"},{"key":"ref46","article-title":"CWE - Frequently Asked Questions (FAQ)","year":"2019"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1145\/3176258.3176340"},{"key":"ref48","article-title":"CWE list version 3.4","year":"2019"},{"key":"ref47","article-title":"Universal-sentence-encoder","year":"2019"},{"key":"ref42","article-title":"Ransomware: Cyber criminals are still exploiting these old vulnerabilities, so patch now","author":"palmer","year":"2021"},{"key":"ref41","article-title":"Threat actors remember the vulnerabilities we forget","year":"2019"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1162\/089976699300016728"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2015.04.012"}],"container-title":["IEEE Transactions on Dependable and Secure Computing"],"original-title":[],"link":[{"URL":"https:\/\/ieeexplore.ieee.org\/ielam\/8858\/9945627\/9601266-aam.pdf","content-type":"application\/pdf","content-version":"am","intended-application":"syndication"},{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/8858\/9945627\/09601266.pdf?arnumber=9601266","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,12,12]],"date-time":"2022-12-12T19:23:22Z","timestamp":1670873002000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/9601266\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,11,1]]},"references-count":52,"journal-issue":{"issue":"6"},"URL":"https:\/\/doi.org\/10.1109\/tdsc.2021.3125270","relation":{},"ISSN":["1545-5971","1941-0018","2160-9209"],"issn-type":[{"value":"1545-5971","type":"print"},{"value":"1941-0018","type":"electronic"},{"value":"2160-9209","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022,11,1]]}}}