{"id":"https://openalex.org/W7164185039","doi":"https://doi.org/10.1016/j.cose.2026.105019","title":"Understanding security risks in update mechanisms of computing systems","display_name":"Understanding security risks in update mechanisms of computing systems","publication_year":2026,"publication_date":"2026-06-10","ids":{"openalex":"https://openalex.org/W7164185039","doi":"https://doi.org/10.1016/j.cose.2026.105019"},"language":"en","primary_location":{"id":"doi:10.1016/j.cose.2026.105019","is_oa":true,"landing_page_url":"https://doi.org/10.1016/j.cose.2026.105019","pdf_url":null,"source":{"id":"https://openalex.org/S12529635","display_name":"Computers & Security","issn_l":"0167-4048","issn":["0167-4048","1872-6208"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320990","host_organization_name":"Elsevier BV","host_organization_lineage":["https://openalex.org/P4310320990"],"host_organization_lineage_names":["Elsevier BV"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Computers &amp; Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://doi.org/10.1016/j.cose.2026.105019","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5053627859","display_name":"Ahmad B. Usman","orcid":"https://orcid.org/0000-0001-6781-1420"},"institutions":[{"id":"https://openalex.org/I102134673","display_name":"Link\u00f6ping University","ror":"https://ror.org/05ynxx418","country_code":"SE","type":"education","lineage":["https://openalex.org/I102134673"]}],"countries":["SE"],"is_corresponding":true,"raw_author_name":"Ahmad B. Usman","raw_affiliation_strings":["Department of Computer and Information Science, Link\u00f6ping University, Link\u00f6ping, Sweden"],"raw_orcid":"https://orcid.org/0000-0001-6781-1420","affiliations":[{"raw_affiliation_string":"Department of Computer and Information Science, Link\u00f6ping University, Link\u00f6ping, Sweden","institution_ids":["https://openalex.org/I102134673"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5052612328","display_name":"Mikael Asplund","orcid":"https://orcid.org/0000-0003-1916-3398"},"institutions":[{"id":"https://openalex.org/I102134673","display_name":"Link\u00f6ping University","ror":"https://ror.org/05ynxx418","country_code":"SE","type":"education","lineage":["https://openalex.org/I102134673"]}],"countries":["SE"],"is_corresponding":false,"raw_author_name":"Mikael Asplund","raw_affiliation_strings":["Department of Computer and Information Science, Link\u00f6ping University, Link\u00f6ping, Sweden"],"raw_orcid":"https://orcid.org/0000-0003-1916-3398","affiliations":[{"raw_affiliation_string":"Department of Computer and Information Science, Link\u00f6ping University, Link\u00f6ping, Sweden","institution_ids":["https://openalex.org/I102134673"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":1,"corresponding_author_ids":["https://openalex.org/A5053627859"],"corresponding_institution_ids":["https://openalex.org/I102134673"],"apc_list":{"value":3190,"currency":"USD","value_usd":3190},"apc_paid":{"value":3190,"currency":"USD","value_usd":3190},"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.78492082,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"170","issue":null,"first_page":"105019","last_page":"105019"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.31189998984336853,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.31189998984336853,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10927","display_name":"Access Control and Trust","score":0.11089999973773956,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.05909999832510948,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/risk-assessment","display_name":"Risk assessment","score":0.31310001015663147},{"id":"https://openalex.org/keywords/risk-management","display_name":"Risk management","score":0.3041999936103821},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.3027999997138977},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.2685000002384186},{"id":"https://openalex.org/keywords/security-information-and-event-management","display_name":"Security information and event management","score":0.2685000002384186}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7297999858856201},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5917999744415283},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.5152000188827515},{"id":"https://openalex.org/C12174686","wikidata":"https://www.wikidata.org/wiki/Q1058438","display_name":"Risk assessment","level":2,"score":0.31310001015663147},{"id":"https://openalex.org/C32896092","wikidata":"https://www.wikidata.org/wiki/Q189447","display_name":"Risk management","level":2,"score":0.3041999936103821},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.3027999997138977},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.2685000002384186},{"id":"https://openalex.org/C103377522","wikidata":"https://www.wikidata.org/wiki/Q3493999","display_name":"Security information and event management","level":4,"score":0.2685000002384186},{"id":"https://openalex.org/C184842701","wikidata":"https://www.wikidata.org/wiki/Q370563","display_name":"Cloud computing security","level":3,"score":0.2669000029563904},{"id":"https://openalex.org/C10511746","wikidata":"https://www.wikidata.org/wiki/Q899388","display_name":"Data security","level":3,"score":0.25760000944137573}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1016/j.cose.2026.105019","is_oa":true,"landing_page_url":"https://doi.org/10.1016/j.cose.2026.105019","pdf_url":null,"source":{"id":"https://openalex.org/S12529635","display_name":"Computers & Security","issn_l":"0167-4048","issn":["0167-4048","1872-6208"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320990","host_organization_name":"Elsevier BV","host_organization_lineage":["https://openalex.org/P4310320990"],"host_organization_lineage_names":["Elsevier BV"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Computers &amp; Security","raw_type":"journal-article"},{"id":"pmh:oai:DiVA.org:liu-224867","is_oa":true,"landing_page_url":"http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-224867","pdf_url":null,"source":{"id":"https://openalex.org/S4306400838","display_name":"DiVA (Linkoping University)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"info:eu-repo/semantics/article"}],"best_oa_location":{"id":"doi:10.1016/j.cose.2026.105019","is_oa":true,"landing_page_url":"https://doi.org/10.1016/j.cose.2026.105019","pdf_url":null,"source":{"id":"https://openalex.org/S12529635","display_name":"Computers & Security","issn_l":"0167-4048","issn":["0167-4048","1872-6208"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320990","host_organization_name":"Elsevier BV","host_organization_lineage":["https://openalex.org/P4310320990"],"host_organization_lineage_names":["Elsevier BV"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Computers &amp; Security","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[],"funders":[{"id":"https://openalex.org/F4320320940","display_name":"Stiftelsen f\u00f6r\u00a0Strategisk Forskning","ror":"https://ror.org/044wr7g58"},{"id":"https://openalex.org/F4320322327","display_name":"Knut och Alice Wallenbergs Stiftelse","ror":"https://ror.org/004hzzk67"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":6,"referenced_works":["https://openalex.org/W1968692939","https://openalex.org/W2883374116","https://openalex.org/W3136969503","https://openalex.org/W4280511617","https://openalex.org/W4306167577","https://openalex.org/W7142556441"],"related_works":[],"abstract_inverted_index":{"This":[0],"paper":[1],"presents":[2],"a":[3,10,52,59,116,149],"study":[4],"of":[5,13,26,35,55,62,151],"update-related":[6,42,77],"vulnerabilities":[7,43,124],"based":[8,143],"on":[9,132,144],"curated":[11],"dataset":[12],"disclosures":[14],"from":[15],"the":[16,21,32,86,97],"past":[17],"decade.":[18],"We":[19,82,94],"analyze":[20],"exploitability,":[22],"impact,":[23],"and":[24,49,58,65,84,103,110,139,160],"severity":[25],"these":[27],"vulnerabilities,":[28,71],"comparing":[29],"them":[30],"with":[31,51,119,137],"broader":[33],"population":[34],"disclosed":[36],"vulnerabilities.":[37],"Our":[38],"findings":[39],"reveal":[40],"that":[41,96,122],"tend":[44],"to":[45,69,125,155],"be":[46],"more":[47],"severe":[48],"impactful,":[50],"higher":[53],"concentration":[54],"high-severity":[56],"scores":[57],"greater":[60],"compromise":[61],"confidentiality,":[63],"integrity,":[64],"availability.":[66],"In":[67],"contrast":[68],"general":[70],"which":[72],"are":[73],"often":[74],"network-exploitable,":[75],"most":[76,87,98],"attacks":[78],"require":[79],"local":[80],"access.":[81],"identify":[83],"categorize":[85],"common":[88],"weakness":[89],"types":[90],"in":[91],"update":[92,158],"mechanisms.":[93],"find":[95],"frequent":[99],"weaknesses":[100],"include":[101],"authentication":[102],"authorization-related":[104],"weaknesses,":[105,107,109],"input-related":[106],"path-related":[108],"certificate-related":[111],"weaknesses.":[112],"Furthermore,":[113],"we":[114,147],"introduce":[115],"rule-based":[117],"approach":[118],"predefined":[120],"keywords":[121],"assign":[123],"six":[126],"target-system":[127],"classes.":[128],"The":[129],"classification":[130],"relies":[131],"textual":[133],"vulnerability":[134],"descriptions":[135],"together":[136],"vendor":[138],"product":[140],"metadata.":[141],"Finally,":[142],"our":[145],"analysis,":[146],"derive":[148],"set":[150],"clear":[152],"mitigation":[153],"recommendations":[154],"help":[156],"secure":[157],"processes":[159],"reduce":[161],"associated":[162],"risks.":[163]},"counts_by_year":[],"updated_date":"2026-06-18T08:10:14.011955","created_date":"2026-06-11T00:00:00"}
