{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,22]],"date-time":"2026-03-22T09:11:17Z","timestamp":1774170677095,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":38,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,7,30]],"date-time":"2024-07-30T00:00:00Z","timestamp":1722297600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/501100006374","name":"European Regional Development Fund","doi-asserted-by":"publisher","award":["T2EDK-03093"],"award-info":[{"award-number":["T2EDK-03093"]}],"id":[{"id":"10.13039\/501100006374","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100006374","name":"European Commission","doi-asserted-by":"publisher","award":["101128024"],"award-info":[{"award-number":["101128024"]}],"id":[{"id":"10.13039\/501100006374","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,7,30]]},"DOI":"10.1145\/3664476.3670915","type":"proceedings-article","created":{"date-parts":[[2024,7,25]],"date-time":"2024-07-25T12:35:50Z","timestamp":1721910950000},"page":"1-11","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":7,"title":["Evaluating Cybersecurity Risk: A Comprehensive Comparison of Vulnerability Scoring Methodologies"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0008-9976-0814","authenticated-orcid":false,"given":"Konstantina","family":"Milousi","sequence":"first","affiliation":[{"name":"Visual Analytics Lab, CERTH-ITI, Greece"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0005-8336-8955","authenticated-orcid":false,"given":"Prodromos","family":"Kiriakidis","sequence":"additional","affiliation":[{"name":"Visual Analytics Lab, CERTH-ITI, Greece"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3588-1007","authenticated-orcid":false,"given":"Notis","family":"Mengidis","sequence":"additional","affiliation":[{"name":"Visual Analytics Lab, CERTH-ITI, Greece"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0008-6470-5401","authenticated-orcid":false,"given":"Georgios","family":"Rizos","sequence":"additional","affiliation":[{"name":"Visual Analytics Lab, CERTH-ITI, Greece"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0001-0899-7736","authenticated-orcid":false,"given":"Mariana S.","family":"Mazi","sequence":"additional","affiliation":[{"name":"Visual Analytics Lab, CERTH-ITI, Greece"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4012-8511","authenticated-orcid":false,"given":"Antonis","family":"Voulgaridis","sequence":"additional","affiliation":[{"name":"Visual Analytics Lab, CERTH-ITI, Greece"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6381-8326","authenticated-orcid":false,"given":"Konstantinos","family":"Votis","sequence":"additional","affiliation":[{"name":"Visual Analytics Lab, CERTH-ITI, Greece"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6915-6722","authenticated-orcid":false,"given":"Dimitrios","family":"Tzovaras","sequence":"additional","affiliation":[{"name":"Visual Analytics Lab, CERTH-ITI, Greece"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2024,7,30]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"[1] CSRC Content Editor. (n.d.). vulnerability - Glossary | CSRC. https:\/\/csrc.nist.gov\/glossary\/term\/vulnerability"},{"key":"e_1_3_2_1_2_1","unstructured":"[2] Vulnerabilities Threats and Risks Explained | Office of Information Security | Washington University in St. Louis. (n.d.). Informationsecurity.wustl.edu. https:\/\/informationsecurity.wustl.edu\/vulnerabilities-threats-and-risks-explained\/"},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.2147\/mder.s50048"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/3341105.3374099"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.3390\/electronics11091334"},{"key":"e_1_3_2_1_6_1","unstructured":"[6] FIRST. (n.d.). Common Vulnerability Scoring System. Retrieved from https:\/\/www.first.org\/cvss\/"},{"key":"e_1_3_2_1_7_1","volume-title":"Cybersecurity vulnerability management: An ontology-based conceptual model","author":"Syed R.","year":"2018","unstructured":"[7] Syed, R., & Zhong, H. (2018). Cybersecurity vulnerability management: An ontology-based conceptual model."},{"key":"e_1_3_2_1_8_1","volume-title":"System safety engineering and risk assessment: a practical approach","author":"Bahr N. J.","year":"2014","unstructured":"[8] Bahr, N. J. (2014). System safety engineering and risk assessment: a practical approach. CRC press."},{"issue":"3","key":"e_1_3_2_1_9_1","first-page":"29","article-title":"Enterprise Vulnerability Management and Its Role in Information Security Management","volume":"14","author":"Nyanchama M.","year":"2005","unstructured":"[9] Nyanchama, M. (2005). Enterprise Vulnerability Management and Its Role in Information Security Management. Inf. Secur. J. A Glob. Perspect., 14(3), 29-56.","journal-title":"Inf. Secur. J. A Glob. Perspect."},{"key":"e_1_3_2_1_10_1","volume-title":"A Complete Guide to the Common Vulnerability Scoring System Version 2.0","author":"Mell P.","year":"2007","unstructured":"[10] Mell, P., Scarfone, K., & Romanosky, S. (2007). A Complete Guide to the Common Vulnerability Scoring System Version 2.0. National Institute of Standards and Technology, Carnegie Mellon University."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.comcom.2010.04.006"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/2491845.2491871"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2023.103256"},{"key":"e_1_3_2_1_14_1","unstructured":"[14] Common Vulnerability Scoring System version 3.1 Specification Document Revision 1. Retrieved from https:\/\/www.first.org\/cvss\/v3.1\/specification-document."},{"key":"e_1_3_2_1_15_1","unstructured":"[15] Common Vulnerability Scoring System version 4.0 Specification Document (Document Version 1.1). Retrieved from https:\/\/www.first.org\/cvss\/v4.0\/specification-document."},{"key":"e_1_3_2_1_16_1","volume-title":"Document version 1.0.1).","author":"The MITRE Corporation","year":"2014","unstructured":"[16] The MITRE Corporation. (2014). Common Weakness Scoring System (CWSS) (CWSS version 1.0.1, Document version 1.0.1). Retrieved from https:\/\/cwe.mitre.org\/cwss\/."},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1049\/iet-ifs:20060055"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1109\/access.2020.3015551"},{"issue":"2","key":"e_1_3_2_1_19_1","first-page":"579","article-title":"PVL: a novel metric for single vulnerability rating and its application in IMS","volume":"8","author":"Wang Y.","year":"2012","unstructured":"[19] Wang, Y., & Yang, Y. (2012). PVL: a novel metric for single vulnerability rating and its application in IMS. Journal of Computational Information Systems, 8(2), 579-590.","journal-title":"Journal of Computational Information Systems"},{"issue":"8","key":"e_1_3_2_1_20_1","first-page":"458","article-title":"A medical vulnerability scoring system incorporating health and data sensitivity metrics","volume":"15","author":"Carre\u00f3n N. A.","year":"2021","unstructured":"[20] Carre\u00f3n, N. A., Sonderer, C., Rao, A., & Lysecky, R. (2021). A medical vulnerability scoring system incorporating health and data sensitivity metrics. International Journal of Computer and Information Engineering, 15(8), 458-466.","journal-title":"International Journal of Computer and Information Engineering"},{"key":"e_1_3_2_1_21_1","volume-title":"Risk Scoring System for Medical Devices.","author":"Secure Solutions","year":"2018","unstructured":"[21] QED Secure Solutions. (2018). Risk Scoring System for Medical Devices. Retrieved from https:\/\/www.riskscoringsystem.com\/medical."},{"key":"e_1_3_2_1_22_1","volume-title":"2011 Third International Conference on Multimedia Information Networking and Security (pp. 352-355)","author":"Wang R.","year":"2011","unstructured":"[22] Wang, R., Gao, L., Sun, Q., & Sun, D. (2011, November). An improved CVSS-based vulnerability scoring mechanism. In 2011 Third International Conference on Multimedia Information Networking and Security (pp. 352-355). IEEE."},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1109\/ESEM.2009.5314230"},{"key":"e_1_3_2_1_24_1","volume-title":"Large-Scale Vulnerability Analysis. In SIGCOMM\u201906 Workshops (pp. 131-138)","author":"Frei S.","year":"2006","unstructured":"[24] Frei, S., May, M., Fiedler, U., & Plattner, B. (2006). Large-Scale Vulnerability Analysis. In SIGCOMM\u201906 Workshops (pp. 131-138)."},{"key":"e_1_3_2_1_25_1","series-title":"Wiley Series in Probability and Mathematical Statistics","volume-title":"Continuous Univariate Distributions","author":"Krishnamurthy B.","year":"1994","unstructured":"[25] Krishnamurthy, B., & Rexford, J. (1994). Continuous Univariate Distributions (2nd ed., Vol. 1, Wiley Series in Probability and Mathematical Statistics).","edition":"2"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-981-13-6508-9_123"},{"key":"e_1_3_2_1_27_1","volume-title":"The Role of Vulnerability Scoring Systems in Cybersecurity Risk Management. CCSS-P-2022-001.","author":"Council on Cybersecurity (CCS).","year":"2022","unstructured":"[27] Council on Cybersecurity (CCS). (2022). The Role of Vulnerability Scoring Systems in Cybersecurity Risk Management. CCSS-P-2022-001. Retrieved from https:\/\/www.cisa.gov\/sites\/default\/files\/publications\/niac-common-vulnerability-scoring-final-report-10-12-04-508.pdf"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.6028\/NIST.IR.7946"},{"key":"e_1_3_2_1_29_1","volume-title":"Vulnerability Scoring Systems: A Comparison of Methods.","author":"Open Web Application Security","year":"2022","unstructured":"[29] Open Web Application Security Project (OWASP). (2022). Vulnerability Scoring Systems: A Comparison of Methods. Retrieved from https:\/\/csrc.nist.gov\/files\/pubs\/sp\/800\/118\/ipd\/docs\/draft-sp800-118.pdf"},{"key":"e_1_3_2_1_30_1","volume-title":"NIST SP 800-53-4: Vulnerability Management Guidance for Information Systems and Organizations.","author":"National Institute of Standards and Technology (NIST).","year":"2020","unstructured":"[30] National Institute of Standards and Technology (NIST). (2020). NIST SP 800-53-4: Vulnerability Management Guidance for Information Systems and Organizations. Retrieved from https:\/\/nvd.nist.gov\/"},{"key":"e_1_3_2_1_31_1","volume-title":"Combining qualitative and quantitative methods in research practice: purposes and advantages. Qualitative research in psychology, 3(4), 293-311","author":"Kelle U.","year":"2006","unstructured":"[31] Kelle, U. (2006). Combining qualitative and quantitative methods in research practice: purposes and advantages. Qualitative research in psychology, 3(4), 293-311."},{"key":"e_1_3_2_1_32_1","unstructured":"[32] IBM X-Force Exchange - Overview. (n.d.) https:\/\/www.ibm.com\/products\/xforce-exchange"},{"key":"e_1_3_2_1_33_1","volume-title":"IT and Business Operations. P. Kapur, & U. Kumar, Quality, IT, and Business Operations, 147. \u200c","author":"Kapur P. K.","year":"2018","unstructured":"[33] Kapur, P. K., Kumar, U., & Verma, A. K. (2018). Quality, IT and Business Operations. P. Kapur, & U. Kumar, Quality, IT, and Business Operations, 147. \u200c"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1080\/19393555.2015.1051675"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijcip.2017.04.001"},{"key":"e_1_3_2_1_36_1","volume-title":"Retrieved","author":"Coley S.","year":"2023","unstructured":"[36] Coley, S., & Chase, P. (n.d.). Approved for Public Release. Retrieved December 13, 2023, https:\/\/www.mitre.org\/sites\/default\/files\/2021-11\/pr-18-2208-rubric-for-applying-cvss-to-medical-devices.pdf"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.4236\/jis.2016.73014"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/3381038"}],"event":{"name":"ARES 2024: The 19th International Conference on Availability, Reliability and Security","location":"Vienna Austria","acronym":"ARES 2024"},"container-title":["Proceedings of the 19th International Conference on Availability, Reliability and Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3664476.3670915","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3664476.3670915","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T16:55:59Z","timestamp":1755881759000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3664476.3670915"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,7,30]]},"references-count":38,"alternative-id":["10.1145\/3664476.3670915","10.1145\/3664476"],"URL":"https:\/\/doi.org\/10.1145\/3664476.3670915","relation":{},"subject":[],"published":{"date-parts":[[2024,7,30]]},"assertion":[{"value":"2024-07-30","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}