{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,28]],"date-time":"2025-08-28T12:46:40Z","timestamp":1756385200956,"version":"3.37.3"},"reference-count":38,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"2","license":[{"start":{"date-parts":[[2021,6,1]],"date-time":"2021-06-01T00:00:00Z","timestamp":1622505600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2021,6,1]],"date-time":"2021-06-01T00:00:00Z","timestamp":1622505600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2021,6,1]],"date-time":"2021-06-01T00:00:00Z","timestamp":1622505600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"name":"CAPES, CNPq and FAPERJ, through grants","award":["E-26\/203.215\/2017","E-26\/211.144\/2019"],"award-info":[{"award-number":["E-26\/203.215\/2017","E-26\/211.144\/2019"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans. Netw. Serv. Manage."],"published-print":{"date-parts":[[2021,6]]},"DOI":"10.1109\/tnsm.2021.3078727","type":"journal-article","created":{"date-parts":[[2021,5,10]],"date-time":"2021-05-10T20:07:10Z","timestamp":1620677230000},"page":"1305-1320","source":"Crossref","is-referenced-by-count":12,"title":["On the Flow of Software Security Advisories"],"prefix":"10.1109","volume":"18","author":[{"given":"Lucas","family":"Miranda","sequence":"first","affiliation":[]},{"given":"Daniel","family":"Vieira","sequence":"additional","affiliation":[]},{"given":"Leandro Pfleger","family":"de Aguiar","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8953-4003","authenticated-orcid":false,"given":"Daniel Sadoc","family":"Menasche","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6266-4369","authenticated-orcid":false,"given":"Miguel Angelo","family":"Bicudo","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8851-8987","authenticated-orcid":false,"given":"Mateus Schulz","family":"Nogueira","sequence":"additional","affiliation":[]},{"given":"Matheus","family":"Martins","sequence":"additional","affiliation":[]},{"given":"Leonardo","family":"Ventura","sequence":"additional","affiliation":[]},{"given":"Lucas","family":"Senos","sequence":"additional","affiliation":[]},{"given":"Enrico","family":"Lovat","sequence":"additional","affiliation":[]}],"member":"263","reference":[{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1016\/j.aci.2017.12.002"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1109\/BigDataSecurity-HPSC-IDS.2016.65"},{"journal-title":"Expected exploitability Predicting the development of functional vulnerability exploits","year":"2021","author":"suciu","key":"ref32"},{"journal-title":"BERT Pre-training of deep bidirectional transformers for language understanding","year":"2018","author":"devlin","key":"ref31"},{"journal-title":"Generating sentences from a continuous space","year":"2015","author":"bowman","key":"ref30"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.3390\/sym12030354"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.3390\/mti3030062"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1109\/MSEC.2019.2935702"},{"key":"ref34","first-page":"124","article-title":"Big data analytics adoption for cybersecurity","volume":"12","author":"rassam","year":"2017","journal-title":"Journal of Info Assurance and Security"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.2298\/CSIS161010010R"},{"key":"ref11","first-page":"430","article-title":"A framework for software security risk evaluation using the vulnerability lifecycle and cvss metrics","author":"joh","year":"2010","journal-title":"Proc Workshop Risk Trust Extended Enterprises"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1109\/ICCEA.2010.209"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1080\/19393555.2015.1111961"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2016.08.004"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-015-9379-3"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1145\/3196398.3196401"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1145\/3350546.3352519"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1287\/opre.48.1.38.12446"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1109\/INFCOM.2009.5061908"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1109\/TSC.2016.2646687"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1109\/SmartCloud.2019.00030"},{"key":"ref27","first-page":"1041","article-title":"Vulnerability disclosure in the age of social media: Exploiting twitter for predicting real-world exploits","author":"sabottke","year":"2015","journal-title":"Proc 24th USENIX Security Symp (USENIX Security)"},{"key":"ref3","first-page":"851","article-title":"Reading the tea leaves: A comparative analysis of threat intelligence","author":"li","year":"2019","journal-title":"Proc 28th USENIX Conf Security Symp"},{"key":"ref6","article-title":"Is vulnerability report confidence redundant? Pitfalls using temporal risk scores","author":"boechat","year":"0","journal-title":"IEEE Security Privacy"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1145\/3178876.3186178"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2006.145"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1145\/1162666.1162671"},{"journal-title":"Exploit prediction scoring system (EPSS)","year":"2019","author":"jacobs","key":"ref7"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1145\/3078505.3078524"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2012.6227141"},{"journal-title":"Common Vulnerabilities and Exposures","year":"2020","key":"ref1"},{"key":"ref20","first-page":"31","article-title":"Measuring and modeling software vulnerability security advisory platforms","author":"miranda","year":"2020","journal-title":"Proc 15th Int Conf Risks Security Internet Syst"},{"key":"ref22","doi-asserted-by":"crossref","DOI":"10.1017\/CBO9781139226424","author":"harchol-balter","year":"2013","journal-title":"Performance Modeling and Design of Computer Systems Queueing Theory in Action"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-29381-9_31"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1137\/060664331"},{"journal-title":"Demystifying Markov Clustering","year":"2020","author":"mishra","key":"ref23"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1145\/2994539.2994542"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3133960"}],"container-title":["IEEE Transactions on Network and Service Management"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/4275028\/9450206\/09427134.pdf?arnumber=9427134","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,12,26]],"date-time":"2022-12-26T22:59:47Z","timestamp":1672095587000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/9427134\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,6]]},"references-count":38,"journal-issue":{"issue":"2"},"URL":"https:\/\/doi.org\/10.1109\/tnsm.2021.3078727","relation":{},"ISSN":["1932-4537","2373-7379"],"issn-type":[{"type":"electronic","value":"1932-4537"},{"type":"electronic","value":"2373-7379"}],"subject":[],"published":{"date-parts":[[2021,6]]}}}