{"id":"https://openalex.org/W3084558590","doi":"https://doi.org/10.1093/cybsec/tyaa015","title":"Improving vulnerability remediation through better exploit prediction","display_name":"Improving vulnerability remediation through better exploit prediction","publication_year":2020,"publication_date":"2020-01-01","ids":{"openalex":"https://openalex.org/W3084558590","doi":"https://doi.org/10.1093/cybsec/tyaa015","mag":"3084558590"},"language":"en","primary_location":{"id":"doi:10.1093/cybsec/tyaa015","is_oa":true,"landing_page_url":"https://doi.org/10.1093/cybsec/tyaa015","pdf_url":"https://academic.oup.com/cybersecurity/article-pdf/6/1/tyaa015/33746021/tyaa015.pdf","source":{"id":"https://openalex.org/S2735156331","display_name":"Journal of Cybersecurity","issn_l":"2057-2085","issn":["2057-2085","2057-2093"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310311648","host_organization_name":"Oxford University Press","host_organization_lineage":["https://openalex.org/P4310311648","https://openalex.org/P4310311647"],"host_organization_lineage_names":["Oxford University Press","University of Oxford"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Cybersecurity","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://academic.oup.com/cybersecurity/article-pdf/6/1/tyaa015/33746021/tyaa015.pdf","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5056206534","display_name":"Jay Jacobs","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Jay Jacobs","raw_affiliation_strings":["Cyentia"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Cyentia","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5002725626","display_name":"Sasha Romanosky","orcid":null},"institutions":[{"id":"https://openalex.org/I1309849503","display_name":"RAND Corporation","ror":"https://ror.org/00f2z7n96","country_code":"US","type":"nonprofit","lineage":["https://openalex.org/I1309849503"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Sasha Romanosky","raw_affiliation_strings":["RAND Corporation"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"RAND Corporation","institution_ids":["https://openalex.org/I1309849503"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5048924093","display_name":"Idris Adjerid","orcid":"https://orcid.org/0000-0002-2786-1244"},"institutions":[{"id":"https://openalex.org/I859038795","display_name":"Virginia Tech","ror":"https://ror.org/02smfhw86","country_code":"US","type":"education","lineage":["https://openalex.org/I859038795"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Idris Adjerid","raw_affiliation_strings":["Virginia Tech"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Virginia Tech","institution_ids":["https://openalex.org/I859038795"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5088672073","display_name":"Wade Baker","orcid":null},"institutions":[{"id":"https://openalex.org/I859038795","display_name":"Virginia Tech","ror":"https://ror.org/02smfhw86","country_code":"US","type":"education","lineage":["https://openalex.org/I859038795"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Wade Baker","raw_affiliation_strings":["Virginia Tech"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Virginia Tech","institution_ids":["https://openalex.org/I859038795"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5002725626"],"corresponding_institution_ids":["https://openalex.org/I1309849503"],"apc_list":{"value":1864,"currency":"USD","value_usd":1864},"apc_paid":{"value":1864,"currency":"USD","value_usd":1864},"fwci":8.3379,"has_fulltext":false,"cited_by_count":100,"citation_normalized_percentile":{"value":0.97903014,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":99,"max":100},"biblio":{"volume":"6","issue":"1","first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9976999759674072,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.922452449798584},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.817878246307373},{"id":"https://openalex.org/keywords/heuristics","display_name":"Heuristics","score":0.6034761667251587},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.5886792540550232},{"id":"https://openalex.org/keywords/vulnerability-management","display_name":"Vulnerability management","score":0.5821609497070312},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5763338208198547},{"id":"https://openalex.org/keywords/risk-analysis","display_name":"Risk analysis (engineering)","score":0.5222859382629395},{"id":"https://openalex.org/keywords/secure-coding","display_name":"Secure coding","score":0.4248097240924835},{"id":"https://openalex.org/keywords/vulnerability-assessment","display_name":"Vulnerability assessment","score":0.3812011182308197},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.35045701265335083},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.21615177392959595},{"id":"https://openalex.org/keywords/psychology","display_name":"Psychology","score":0.12020936608314514},{"id":"https://openalex.org/keywords/security-service","display_name":"Security service","score":0.11231350898742676},{"id":"https://openalex.org/keywords/psychological-intervention","display_name":"Psychological intervention","score":0.10604298114776611}],"concepts":[{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.922452449798584},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.817878246307373},{"id":"https://openalex.org/C127705205","wikidata":"https://www.wikidata.org/wiki/Q5748245","display_name":"Heuristics","level":2,"score":0.6034761667251587},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.5886792540550232},{"id":"https://openalex.org/C172776598","wikidata":"https://www.wikidata.org/wiki/Q7943570","display_name":"Vulnerability management","level":4,"score":0.5821609497070312},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5763338208198547},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.5222859382629395},{"id":"https://openalex.org/C22680326","wikidata":"https://www.wikidata.org/wiki/Q7444867","display_name":"Secure coding","level":5,"score":0.4248097240924835},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.3812011182308197},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.35045701265335083},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.21615177392959595},{"id":"https://openalex.org/C15744967","wikidata":"https://www.wikidata.org/wiki/Q9418","display_name":"Psychology","level":0,"score":0.12020936608314514},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.11231350898742676},{"id":"https://openalex.org/C27415008","wikidata":"https://www.wikidata.org/wiki/Q7256382","display_name":"Psychological intervention","level":2,"score":0.10604298114776611},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.0},{"id":"https://openalex.org/C118552586","wikidata":"https://www.wikidata.org/wiki/Q7867","display_name":"Psychiatry","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1093/cybsec/tyaa015","is_oa":true,"landing_page_url":"https://doi.org/10.1093/cybsec/tyaa015","pdf_url":"https://academic.oup.com/cybersecurity/article-pdf/6/1/tyaa015/33746021/tyaa015.pdf","source":{"id":"https://openalex.org/S2735156331","display_name":"Journal of Cybersecurity","issn_l":"2057-2085","issn":["2057-2085","2057-2093"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310311648","host_organization_name":"Oxford University Press","host_organization_lineage":["https://openalex.org/P4310311648","https://openalex.org/P4310311647"],"host_organization_lineage_names":["Oxford University Press","University of Oxford"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Cybersecurity","raw_type":"journal-article"},{"id":"pmh:oai:vtechworks.lib.vt.edu:10919/102309","is_oa":true,"landing_page_url":"http://hdl.handle.net/10919/102309","pdf_url":null,"source":{"id":"https://openalex.org/S4306400248","display_name":"VTechWorks (Virginia Tech)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I859038795","host_organization_name":"Virginia Tech","host_organization_lineage":["https://openalex.org/I859038795"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Article - Refereed"}],"best_oa_location":{"id":"doi:10.1093/cybsec/tyaa015","is_oa":true,"landing_page_url":"https://doi.org/10.1093/cybsec/tyaa015","pdf_url":"https://academic.oup.com/cybersecurity/article-pdf/6/1/tyaa015/33746021/tyaa015.pdf","source":{"id":"https://openalex.org/S2735156331","display_name":"Journal of Cybersecurity","issn_l":"2057-2085","issn":["2057-2085","2057-2093"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310311648","host_organization_name":"Oxford University Press","host_organization_lineage":["https://openalex.org/P4310311648","https://openalex.org/P4310311647"],"host_organization_lineage_names":["Oxford University Press","University of Oxford"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Cybersecurity","raw_type":"journal-article"},"sustainable_development_goals":[{"score":0.6399999856948853,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"pdf":true,"grobid_xml":false},"content_urls":{"pdf":"https://content.openalex.org/works/W3084558590.pdf"},"referenced_works_count":25,"referenced_works":["https://openalex.org/W85350352","https://openalex.org/W150078352","https://openalex.org/W855528594","https://openalex.org/W1678356000","https://openalex.org/W1707806712","https://openalex.org/W2058012887","https://openalex.org/W2098569569","https://openalex.org/W2103952271","https://openalex.org/W2109914336","https://openalex.org/W2115904533","https://openalex.org/W2117405938","https://openalex.org/W2123059002","https://openalex.org/W2142889610","https://openalex.org/W2155524176","https://openalex.org/W2157578436","https://openalex.org/W2162373348","https://openalex.org/W2177864412","https://openalex.org/W2967278527","https://openalex.org/W3102673518","https://openalex.org/W3109980583","https://openalex.org/W3123365097","https://openalex.org/W3124584635","https://openalex.org/W3161677312","https://openalex.org/W4376601116","https://openalex.org/W6676427759"],"related_works":["https://openalex.org/W3210849010","https://openalex.org/W4200107511","https://openalex.org/W2392503306","https://openalex.org/W4306762697","https://openalex.org/W4284888217","https://openalex.org/W4385719733","https://openalex.org/W2979496624","https://openalex.org/W2297096600","https://openalex.org/W3085047896","https://openalex.org/W2980033082"],"abstract_inverted_index":{"Abstract":[0],"Despite":[1],"significant":[2],"innovations":[3],"in":[4,185,213,246],"IT":[5],"security":[6,17],"products":[7],"and":[8,22,33,62,180,191,195,232],"research":[9],"over":[10],"the":[11,15,26,86,121,137,152,198,214,222],"past":[12],"20":[13],"years,":[14],"information":[16],"field":[18],"is":[19,91],"still":[20,68],"immature":[21],"struggling.":[23],"Practitioners":[24],"lack":[25],"ability":[27],"to":[28,36,53,93,110,155,187,230,239],"properly":[29],"assess":[30],"cyber":[31],"risk,":[32],"decision-makers":[34],"continue":[35],"be":[37,146,240],"paralyzed":[38],"by":[39,72,132,209,226],"vulnerability":[40,57,177],"scanners":[41],"that":[42,98,203,242],"overload":[43],"their":[44],"staff":[45],"with":[46,168],"mountains":[47],"of":[48,124,164,176,201,206],"scan":[49],"results.":[50],"In":[51],"order":[52],"cope,":[54],"firms":[55,89],"prioritize":[56],"remediation":[58,96,178],"using":[59,211],"crude":[60],"heuristics":[61],"limited":[63],"data,":[64],"though":[65],"they":[66],"are":[67],"too":[69],"often":[70],"breached":[71],"known":[73],"vulnerabilities":[74,113,125,144,228,238],"for":[75,80],"which":[76],"patches":[77],"have":[78,243],"existed":[79],"months":[81],"or":[82],"years.":[83],"And":[84],"so,":[85],"key":[87],"challenge":[88],"face":[90],"trying":[92],"identify":[94],"a":[95,141,161,174],"strategy":[97],"best":[99],"balances":[100],"two":[101],"competing":[102],"forces.":[103],"On":[104,136],"one":[105],"hand,":[106,139],"it":[107,127],"could":[108],"attempt":[109],"patch":[111],"all":[112],"on":[114],"its":[115],"network.":[116],"While":[117],"this":[118],"would":[119,128,145],"provide":[120],"greatest":[122],"\u2018coverage\u2019":[123],"patched,":[126],"inefficiently":[129],"consume":[130],"resources":[131],"fixing":[133],"low-risk":[134],"vulnerabilities.":[135,159],"other":[138,157],"patching":[140],"few":[142],"high-risk":[143,158,237],"highly":[147],"\u2018efficient\u2019,":[148],"but":[149],"may":[150],"leave":[151],"firm":[153,248],"exposed":[154],"many":[156],"Using":[160],"large":[162],"collection":[163],"multiple":[165],"datasets":[166],"together":[167],"machine":[169,223],"learning":[170,224],"techniques,":[171],"we":[172,235],"construct":[173],"series":[175],"strategies":[179],"compare":[181],"how":[182],"each":[183],"perform":[184],"regard":[186],"trading":[188],"off":[189],"coverage":[190],"efficiency.":[192],"We":[193,220],"expand":[194],"improve":[196],"upon":[197],"small":[199],"body":[200],"literature":[202],"uses":[204],"predictions":[205],"\u2018published":[207],"exploits\u2019,":[208],"instead":[210],"\u2018exploits":[212],"wild\u2019":[215],"as":[216],"our":[217],"outcome":[218],"variable.":[219],"implement":[221],"models":[225],"classifying":[227],"according":[229],"high-":[231],"low-risk,":[233],"where":[234],"consider":[236],"those":[241],"been":[244],"exploited":[245],"actual":[247],"networks.":[249]},"counts_by_year":[{"year":2026,"cited_by_count":6},{"year":2025,"cited_by_count":19},{"year":2024,"cited_by_count":21},{"year":2023,"cited_by_count":19},{"year":2022,"cited_by_count":12},{"year":2021,"cited_by_count":15},{"year":2020,"cited_by_count":8}],"updated_date":"2026-07-02T09:51:11.867554","created_date":"2025-10-10T00:00:00"}
