{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,9]],"date-time":"2026-06-09T15:42:07Z","timestamp":1781019727078,"version":"3.54.1"},"publisher-location":"New York, NY, USA","reference-count":29,"publisher":"ACM","content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2006,9,11]]},"DOI":"10.1145\/1162666.1162671","type":"proceedings-article","created":{"date-parts":[[2006,10,18]],"date-time":"2006-10-18T22:04:00Z","timestamp":1161209040000},"page":"131-138","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":142,"title":["Large-scale vulnerability analysis"],"prefix":"10.1145","author":[{"given":"Stefan","family":"Frei","sequence":"first","affiliation":[{"name":"ETH Zurich, Switzerland"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Martin","family":"May","sequence":"additional","affiliation":[{"name":"ETH Zurich, Switzerland"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Ulrich","family":"Fiedler","sequence":"additional","affiliation":[{"name":"ETH Zurich, Switzerland"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Bernhard","family":"Plattner","sequence":"additional","affiliation":[{"name":"ETH Zurich, Switzerland"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2006,9,11]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"NVD \"National vulnerability database \" http:\/\/nvd.nist.gov\/.  NVD \"National vulnerability database \" http:\/\/nvd.nist.gov\/."},{"key":"e_1_3_2_1_2_1","unstructured":"OSVDB \"The open source vulnerability database \" http:\/\/www.osvdb.org\/.  OSVDB \"The open source vulnerability database \" http:\/\/www.osvdb.org\/."},{"key":"e_1_3_2_1_3_1","unstructured":"CERT \"Computer emergency response team coordination center \" http:\/\/www.cert.org\/.  CERT \"Computer emergency response team coordination center \" http:\/\/www.cert.org\/."},{"key":"e_1_3_2_1_4_1","unstructured":"SF \"Securityfocus \" http:\/\/www.securityfocus.com\/.  SF \"Securityfocus \" http:\/\/www.securityfocus.com\/."},{"key":"e_1_3_2_1_5_1","unstructured":"ISS \"Internet security systems \" http:\/\/www.iss.net\/.  ISS \"Internet security systems \" http:\/\/www.iss.net\/."},{"key":"e_1_3_2_1_6_1","unstructured":"Secunia \"Vulnerability and virus information \" http:\/\/secunia.com\/.  Secunia \"Vulnerability and virus information \" http:\/\/secunia.com\/."},{"key":"e_1_3_2_1_7_1","unstructured":"FrSirt \"French security incident response team \" http:\/\/www.frsirt.com\/.  FrSirt \"French security incident response team \" http:\/\/www.frsirt.com\/."},{"key":"e_1_3_2_1_8_1","unstructured":"R. Anderson \"Why information security is hard-an economic perspective \" In Proceedings of 17th Annual Computer Security Applications Conference (ACSAC) 2001.   R. Anderson \"Why information security is hard-an economic perspective \" In Proceedings of 17th Annual Computer Security Applications Conference (ACSAC) 2001."},{"key":"e_1_3_2_1_9_1","unstructured":"B. Schneier \"Cryptogram September 2000 - full disclosure and the window of exposure.\" http:\/\/www.schneier.com\/crypto-gram-0009.html 2000.  B. Schneier \"Cryptogram September 2000 - full disclosure and the window of exposure.\" http:\/\/www.schneier.com\/crypto-gram-0009.html 2000."},{"key":"e_1_3_2_1_10_1","unstructured":"Organization for Internet Safety \"Guidelines for security vulnerability reporting and response - 2004 \" http:\/\/www.oisafety.org\/guidelines\/ 2004.  Organization for Internet Safety \"Guidelines for security vulnerability reporting and response - 2004 \" http:\/\/www.oisafety.org\/guidelines\/ 2004."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1109\/2.889093"},{"key":"e_1_3_2_1_12_1","unstructured":"Ashish Arora Ramayya Krishnan Anand Nandkumar Rahul Telang and Yubao Yang \"Impact of vulnerability disclosure and patch availability - empirical analysis \" in Proceedings of the Third Annual Workshop on Economics and Information Security (WEIS04) 2004.  Ashish Arora Ramayya Krishnan Anand Nandkumar Rahul Telang and Yubao Yang \"Impact of vulnerability disclosure and patch availability - empirical analysis \" in Proceedings of the Third Annual Workshop on Economics and Information Security (WEIS04) 2004."},{"key":"e_1_3_2_1_13_1","volume-title":"Carnegie Mellon University","author":"Arora Ashish","year":"2005","unstructured":"Ashish Arora , Ramayya Krishnan , Rahul Telang , and Yubao Yang , \"An empirical analysis of vendor response to disclosure policy,\" Tech. Rep ., Carnegie Mellon University , March 2005 . Ashish Arora, Ramayya Krishnan, Rahul Telang, and Yubao Yang, \"An empirical analysis of vendor response to disclosure policy,\" Tech. Rep., Carnegie Mellon University, March 2005."},{"key":"e_1_3_2_1_15_1","unstructured":"Qualys Research Report 2005 \"Laws of vulnerabilities \" http:\/\/www.qualys.com\/docs\/Laws-Report.pdf 2005.  Qualys Research Report 2005 \"Laws of vulnerabilities \" http:\/\/www.qualys.com\/docs\/Laws-Report.pdf 2005."},{"key":"e_1_3_2_1_16_1","volume-title":"ii, iii,\" http:\/\/blog.washingtonpost.com\/securityfix\/","author":"Krebs B.","year":"2006","unstructured":"B. Krebs , \" Securityfix i , ii, iii,\" http:\/\/blog.washingtonpost.com\/securityfix\/ , 2006 . B. Krebs, \"Securityfix i, ii, iii,\" http:\/\/blog.washingtonpost.com\/securityfix\/, 2006."},{"key":"e_1_3_2_1_17_1","volume-title":"Emerging issues in responsible vulnerability disclosure,\" in In the proceedings of WITS","author":"Cavusoglu Hasan","year":"2004","unstructured":"Hasan Cavusoglu , Huseyin Cavusoglu , and S. Raghunathan , \" Emerging issues in responsible vulnerability disclosure,\" in In the proceedings of WITS 2004 , 2004. Hasan Cavusoglu, Huseyin Cavusoglu, and S. Raghunathan, \"Emerging issues in responsible vulnerability disclosure,\" in In the proceedings of WITS 2004, 2004."},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"crossref","unstructured":"Karthik Kannan and Rahul Telang \"An economic analysis of market for software vulnerabilities \" http:\/\/www.dtc.umn.edu\/weis2004\/kannan-telang.pdf 2004.   Karthik Kannan and Rahul Telang \"An economic analysis of market for software vulnerabilities \" http:\/\/www.dtc.umn.edu\/weis2004\/kannan-telang.pdf 2004.","DOI":"10.1109\/HICSS.2004.1265430"},{"key":"e_1_3_2_1_19_1","unstructured":"Full Disclosure \"Full disclosure mailing list \" http:\/\/lists.grok.org.uk\/full-disclosure-charter.html.  Full Disclosure \"Full disclosure mailing list \" http:\/\/lists.grok.org.uk\/full-disclosure-charter.html."},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/1022594.1022629"},{"key":"e_1_3_2_1_21_1","unstructured":"CVE \"Common vulnerabilities and exposures list (cve) \" http:\/\/cve.mitre.org\/cve\/.  CVE \"Common vulnerabilities and exposures list (cve) \" http:\/\/cve.mitre.org\/cve\/."},{"key":"e_1_3_2_1_22_1","unstructured":"CVSS \"Common vulnerability scoring system (cvss) \" http:\/\/www.first.org\/cvss\/.  CVSS \"Common vulnerability scoring system (cvss) \" http:\/\/www.first.org\/cvss\/."},{"key":"e_1_3_2_1_23_1","unstructured":"NGS \"Ngs software \" http:\/\/www.ngssoftware.com\/advisory.htm.  NGS \"Ngs software \" http:\/\/www.ngssoftware.com\/advisory.htm."},{"key":"e_1_3_2_1_24_1","unstructured":"eEye \"eeye digital security \" http:\/\/www.eeye.com\/html\/research\/advisories\/index.html.  eEye \"eeye digital security \" http:\/\/www.eeye.com\/html\/research\/advisories\/index.html."},{"key":"e_1_3_2_1_25_1","unstructured":"iDefense \"idefense \" http:\/\/www.idefense.com\/intelligence\/vulnerabilities\/.  iDefense \"idefense \" http:\/\/www.idefense.com\/intelligence\/vulnerabilities\/."},{"key":"e_1_3_2_1_26_1","unstructured":"milw0rm \"Milw0rm exploit archive \" http:\/\/www.milw0rm.com.  milw0rm \"Milw0rm exploit archive \" http:\/\/www.milw0rm.com."},{"key":"e_1_3_2_1_27_1","unstructured":"PacketStorm \"Packetstorm security \" http:\/\/www.packetstormsecurity.org\/assess\/exploits\/.  PacketStorm \"Packetstorm security \" http:\/\/www.packetstormsecurity.org\/assess\/exploits\/."},{"key":"e_1_3_2_1_28_1","unstructured":"Metasploit \"Metasploit project \" http:\/\/www.metasploit.com.  Metasploit \"Metasploit project \" http:\/\/www.metasploit.com."},{"key":"e_1_3_2_1_29_1","series-title":"Wiley Series in Probability and Mathematical Statistics","volume-title":"Continuous Univariante Distributions","author":"Krishnamurthy B.","year":"1994","unstructured":"B. Krishnamurthy and J. Rexford , Continuous Univariante Distributions , vol. 1 , Wiley Series in Probability and Mathematical Statistics , 2 edition, 1994 . B. Krishnamurthy and J. Rexford, Continuous Univariante Distributions, vol. 1, Wiley Series in Probability and Mathematical Statistics, 2 edition, 1994."},{"key":"e_1_3_2_1_30_1","unstructured":"Stefan Frei \"The speed of (in)security web site \" http:\/\/www.techzoom.net\/risk\/.  Stefan Frei \"The speed of (in)security web site \" http:\/\/www.techzoom.net\/risk\/."}],"event":{"name":"SIGCOMM06: ACM SIGCOMM 2006 Conference","location":"Pisa Italy","acronym":"SIGCOMM06"},"container-title":["Proceedings of the 2006 SIGCOMM workshop on Large-scale attack defense"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1162666.1162671","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,1,12]],"date-time":"2023-01-12T11:36:32Z","timestamp":1673523392000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1162666.1162671"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2006,9,11]]},"references-count":29,"alternative-id":["10.1145\/1162666.1162671","10.1145\/1162666"],"URL":"https:\/\/doi.org\/10.1145\/1162666.1162671","relation":{},"subject":[],"published":{"date-parts":[[2006,9,11]]},"assertion":[{"value":"2006-09-11","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}