{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,13]],"date-time":"2026-04-13T15:26:18Z","timestamp":1776093978891,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":51,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,10,24]],"date-time":"2024-10-24T00:00:00Z","timestamp":1729728000000},"content-version":"vor","delay-in-days":366,"URL":"http:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["DGE1255832, CNS-1900873, CNS-2039146, CNS-2106517, CNS-2312709, CNS-2319367"],"award-info":[{"award-number":["DGE1255832, CNS-1900873, CNS-2039146, CNS-2106517, CNS-2312709, CNS-2319367"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2023,10,24]]},"DOI":"10.1145\/3618257.3624810","type":"proceedings-article","created":{"date-parts":[[2023,10,23]],"date-time":"2023-10-23T00:19:52Z","timestamp":1698020392000},"page":"236-252","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":4,"title":["The CVE Wayback Machine: Measuring Coordinated Disclosure from Exploits against Two Years of Zero-Days"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-2197-9137","authenticated-orcid":false,"given":"Eric","family":"Pauley","sequence":"first","affiliation":[{"name":"University of Wisconsin-Madison, Madison, WI, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7874-1819","authenticated-orcid":false,"given":"Paul","family":"Barford","sequence":"additional","affiliation":[{"name":"University of Wisconsin-Madison, Madison, WI, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2091-7484","authenticated-orcid":false,"given":"Patrick","family":"McDaniel","sequence":"additional","affiliation":[{"name":"University of Wisconsin-Madison, Madison, WI, USA"}]}],"member":"320","published-online":{"date-parts":[[2023,10,24]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"Tim Grube, and Max M\u00fchlh\u00e4user.","author":"Alexopoulos Nikolaos","year":"2022","unstructured":"Nikolaos Alexopoulos, Manuel Brack, Jan Philipp Wagner, Tim Grube, and Max M\u00fchlh\u00e4user. 2022. How Long Do Vulnerabilities Live in the Code? A Large-Scale Empirical Measurement Study on FOSS Vulnerability Lifetimes. en. In 359--376. isbn: 978-1-939133-31-1. https:\/\/www.usenix.org\/conference\/u senixsecurity22\/presentation\/alexopoulos."},{"key":"e_1_3_2_1_2_1","unstructured":"Manos Antonakakis et al. 2017. Understanding the mirai botnet. In 26th USENIX security symposium (USENIX Security 17) 1093--1110."},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1109\/2.889093"},{"key":"e_1_3_2_1_4_1","volume-title":"Other Malware. en-US. (Sept.","year":"2022","unstructured":"2022. Atlassian Confluence Vulnerability CVE-2022-26134 Abused For Cryptocurrency Mining, Other Malware. en-US. (Sept. 2022). https:\/\/www.trendmic ro.com\/en_us\/research\/22\/i\/atlassian-confluence-vulnerability-cve-2022-26 134-abused-for-cryptocurrency-mining-other-malware.html."},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382284"},{"key":"e_1_3_2_1_6_1","volume-title":"Amazon Web Services posts record $13.5B in *profits* for 2020 in Andy Jassy's AWS swan song. en-US. (Feb","author":"Bishop Todd","year":"2021","unstructured":"Todd Bishop. 2021. Amazon Web Services posts record $13.5B in *profits* for 2020 in Andy Jassy's AWS swan song. en-US. (Feb. 2021). https:\/\/www.geekwi re.com\/2021\/amazon-web-services-posts-record-13-5b-profits-2020-andy-j assys-aws-swan-song\/."},{"key":"e_1_3_2_1_7_1","unstructured":"blinded for submission. 2023. Gamma (name blinded for submission). In Available on request."},{"key":"e_1_3_2_1_8_1","volume-title":"Approaches and Techniques for Fingerprinting and Attributing Probing Activities by Observing Network Telescopes. en. phd","author":"Bou-Harb Elias","year":"2015","unstructured":"Elias Bou-Harb. 2015. Approaches and Techniques for Fingerprinting and Attributing Probing Activities by Observing Network Telescopes. en. phd. Concordia University, (June 2015). https:\/\/spectrum.library.concordia.ca\/id\/eprint\/980132 \/."},{"key":"e_1_3_2_1_9_1","unstructured":"[n. d.] Bugtraq Mailing List. (). https:\/\/seclists.org\/bugtraq\/."},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/3041008.3041009"},{"key":"e_1_3_2_1_11_1","volume-title":"Zero-Day Exploitation of Atlassian Confluence | Volexity. en-US. (June","author":"Case Andrew","year":"2022","unstructured":"Andrew Case, Sean Koessel, Steven Adair, and Thomas Lancaster. 2022. Zero-Day Exploitation of Atlassian Confluence | Volexity. en-US. (June 2022). https: \/\/www.volexity.com\/blog\/2022\/06\/02\/zero-day-exploitation-of-atlassian-co nfluence\/."},{"key":"e_1_3_2_1_12_1","unstructured":"[n. d.] CERT Coordination Center. (). https:\/\/www.kb.cert.org."},{"key":"e_1_3_2_1_13_1","unstructured":"[n. d.] Coordinated Vulnerability Disclosure Process | CISA. en. (). https:\/\/ww w.cisa.gov\/coordinated-vulnerability-disclosure-process."},{"key":"e_1_3_2_1_14_1","volume-title":"What constitutes disclosure of a kernel vulnerability? (June","author":"Corbet Jonathan","year":"2022","unstructured":"Jonathan Corbet. 2022. What constitutes disclosure of a kernel vulnerability? (June 2022). https:\/\/lwn.net\/Articles\/896829\/."},{"key":"e_1_3_2_1_15_1","unstructured":"[n. d.] CVE - CVE. (). https:\/\/cve.mitre.org\/."},{"key":"e_1_3_2_1_16_1","volume-title":"Modeling the security ecosystem-the dynamics of (in) security. Economics of Information Security and Privacy, 79--106","author":"Frei Stefan","unstructured":"Stefan Frei, Dominik Schatzmann, Bernhard Plattner, and Brian Trammell. 2010. Modeling the security ecosystem-the dynamics of (in) security. Economics of Information Security and Privacy, 79--106. Publisher: Springer."},{"key":"e_1_3_2_1_17_1","unstructured":"Raphael Hiesgen Marcin Nawrocki Thomas C Schmidt and Matthias Wahlisch. [n. d.] The Race to the Vulnerable: Measuring the Log4j Shell Incident. en 9."},{"key":"e_1_3_2_1_18_1","unstructured":"S. Hills. 2013. Considerations and recommendations concerning internet research and human subjects research regulations with revisions. HHS. gov."},{"key":"e_1_3_2_1_19_1","unstructured":"Allen Householder and Jonathan Spring. 2021. A State-Based Model for Multi-Party Coordinated Vulnerability Disclosure (MPCVD)."},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/3477431"},{"key":"e_1_3_2_1_21_1","volume-title":"The ?most serious' security breach ever is unfolding right now. Here's what you need to know. en. Section: Technology. (Dec","author":"Hunter Tatum","year":"2021","unstructured":"Tatum Hunter and Gerrit De Vynck. 2021. The ?most serious' security breach ever is unfolding right now. Here's what you need to know. en. Section: Technology. (Dec. 2021). https:\/\/www.washingtonpost.com\/technology\/2021\/12\/20 \/log4j-hack-vulnerability-java\/."},{"key":"e_1_3_2_1_22_1","unstructured":"[n. d.] Known Exploited Vulnerabilities Catalog | CISA. en. (). https:\/\/www.cis a.gov\/known-exploited-vulnerabilities-catalog."},{"key":"e_1_3_2_1_23_1","volume-title":"Open Source Business Resource","author":"Kouns Jake","year":"2008","unstructured":"Jake Kouns. 2008. Open Source Vulnerability Database Project. Open Source Business Resource, June 2008."},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134072"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978387"},{"key":"e_1_3_2_1_26_1","volume-title":"Common weakness enumeration","author":"Martin Robert A.","unstructured":"Robert A. Martin. 2007. Common weakness enumeration. Mitre Corporation, 24."},{"key":"e_1_3_2_1_27_1","volume-title":"d.] The Merit Network","unstructured":"[n. d.] The Merit Network, Inc. ORION. en-US. https:\/\/www.merit.edu. ()."},{"key":"e_1_3_2_1_28_1","unstructured":"[n. d.] Metasploit | Penetration Testing Software Pen Testing Security. en. (). https:\/\/www.metasploit.com\/."},{"key":"e_1_3_2_1_29_1","volume-title":"Think Fast: Time Between Disclosure, Patch Release and Vulnerability Exploitation -Intelligence for Vulnerability Management, Part Two. en. (Apr.","author":"Metrick Kathleen","year":"2020","unstructured":"Kathleen Metrick, Jared Semrau, and Shambavi Sadayappan. 2020. Think Fast: Time Between Disclosure, Patch Release and Vulnerability Exploitation -Intelligence for Vulnerability Management, Part Two. en. (Apr. 2020). https: \/\/www.mandiant.com\/resources\/blog\/time-between-disclosure-patch-releas e-and-vulnerability-exploitation."},{"key":"e_1_3_2_1_30_1","unstructured":"[n. d.] Microsoft - Security Update Guide FAQs. en-us. (). https:\/\/www.micros oft.com\/en-us\/msrc\/faqs-security-update-guide."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/2808691"},{"key":"e_1_3_2_1_32_1","unstructured":"[n. d.] NVD - Home. (). https:\/\/nvd.nist.gov\/."},{"key":"e_1_3_2_1_33_1","unstructured":"[n. d.] Offensive Security's Exploit Database Archive. en. (). https:\/\/www.expl oit-db.com\/."},{"key":"e_1_3_2_1_34_1","unstructured":"[n. d.] Official Snort Ruleset covering the most emerging threats. (). https:\/\/w ww.snort.org\/products."},{"key":"e_1_3_2_1_35_1","unstructured":"[n. d.] Packet Storm. (). https:\/\/packetstormsecurity.com\/."},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/1028788.1028794"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.14722\/e"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.00094"},{"key":"e_1_3_2_1_39_1","volume-title":"Update now or later? Effects of experience, cost, and risk preference on update decisions. Journal of Cybersecurity, 6, 1, tyaa002","author":"Rajivan Prashanth","unstructured":"Prashanth Rajivan, Efrat Aharonov-Majar, and Cleotilde Gonzalez. 2020. Update now or later? Effects of experience, cost, and risk preference on update decisions. Journal of Cybersecurity, 6, 1, tyaa002. Publisher: Oxford University Press."},{"key":"e_1_3_2_1_40_1","volume-title":"Report a security or privacy vulnerability. en. (Jan","year":"2023","unstructured":"2023. Report a security or privacy vulnerability. en. (Jan. 2023). https:\/\/support.apple.com\/en-us\/HT201220."},{"key":"e_1_3_2_1_41_1","unstructured":"Martin Roesch. 1999. Snort - Lightweight Intrusion Detection for Networks. en 11."},{"key":"e_1_3_2_1_42_1","first-page":"1067","volume-title":"Proceedings of the 34th International Conference on Software Engineering (ICSE '12)","author":"Shahzad Muhammad","year":"2012","unstructured":"Muhammad Shahzad, Muhammad Zubair Shafiq, and Alex X. Liu. 2012. A large scale exploratory analysis of software vulnerability life cycles. In Proceedings of the 34th International Conference on Software Engineering (ICSE '12). IEEE Press, Zurich, Switzerland, (June 2012), 771--781. isbn: 978-1-4673-1067-3."},{"key":"e_1_3_2_1_43_1","volume-title":"The 20th Annual Workshop on the Economics of Information Security.","author":"Sridhar Kiran","unstructured":"Kiran Sridhar, Allen Householder, Jonathan Spring, and Daniel W. Woods. 2021. Cybersecurity Information Sharing: Analysing an Email Corpus of Coordinated Vulnerability Disclosure. In The 20th Annual Workshop on the Economics of Information Security."},{"key":"e_1_3_2_1_44_1","unstructured":"Octavian Suciu Connor Nelson Zhuoer Lyu Tiffany Bao and Tudor Dumitras . 2022. Expected Exploitability: Predicting the Development of Functional Vulnerability Exploits. en. In 377--394. isbn: 978-1-939133-31-1. https:\/\/www.usen ix.org\/conference\/usenixsecurity22\/presentation\/suciu."},{"key":"e_1_3_2_1_45_1","unstructured":"[n. d.] Talos - Author of the Official Snort Rule Sets. (). https:\/\/www.snort.org \/talos."},{"key":"e_1_3_2_1_46_1","unstructured":"Johannes Ullrich. [n. d.] DShield - SANS.edu Internet Storm Center. en. (). http:\/\/www.dshield.org\/index_dyn.html."},{"key":"e_1_3_2_1_47_1","unstructured":"[n. d.] Vulnerabilities - Security Update Guide - Microsoft. (). https:\/\/msrc.micr osoft.com\/update-guide\/vulnerability."},{"key":"e_1_3_2_1_48_1","unstructured":"[n. d.] Vulnerability Reports - Latest network security threats and zeroday dis-coveries || Cisco Talos Intelligence Group - Comprehensive Threat Intelligence.. https:\/\/www.talosintelligence.com\/vulnerability_reports."},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","unstructured":"T. Walshe and A. C. Simpson. 2022. Coordinated Vulnerability Disclosure programme effectiveness: Issues and recommendations. en. Computers & Security 123 (Dec. 2022) 102936. doi: 10.1016\/j.cose.2022.102936.","DOI":"10.1016\/j.cose.2022.102936"},{"key":"e_1_3_2_1_50_1","unstructured":"Vinod Yegneswaran Paul Barford and Vern Paxson. [n. d.] Using Honeynets for Internet Situational Awareness. en."},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1145\/2590296.2590300"}],"event":{"name":"IMC '23: ACM Internet Measurement Conference","location":"Montreal QC Canada","acronym":"IMC '23","sponsor":["SIGCOMM ACM Special Interest Group on Data Communication"]},"container-title":["Proceedings of the 2023 ACM on Internet Measurement Conference"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3618257.3624810","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3618257.3624810","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3618257.3624810","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T13:16:32Z","timestamp":1755868592000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3618257.3624810"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,10,24]]},"references-count":51,"alternative-id":["10.1145\/3618257.3624810","10.1145\/3618257"],"URL":"https:\/\/doi.org\/10.1145\/3618257.3624810","relation":{},"subject":[],"published":{"date-parts":[[2023,10,24]]},"assertion":[{"value":"2023-10-24","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}