{"id":"https://openalex.org/W2565077509","doi":"https://doi.org/10.1109/tdsc.2016.2644614","title":"Can the Common Vulnerability Scoring System be Trusted? A Bayesian Analysis","display_name":"Can the Common Vulnerability Scoring System be Trusted? A Bayesian Analysis","publication_year":2016,"publication_date":"2016-12-24","ids":{"openalex":"https://openalex.org/W2565077509","doi":"https://doi.org/10.1109/tdsc.2016.2644614","mag":"2565077509"},"language":"en","primary_location":{"id":"doi:10.1109/tdsc.2016.2644614","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tdsc.2016.2644614","pdf_url":null,"source":{"id":"https://openalex.org/S133795288","display_name":"IEEE Transactions on Dependable and Secure Computing","issn_l":"1545-5971","issn":["1545-5971","1941-0018","2160-9209"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Dependable and Secure Computing","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5001314969","display_name":"Pontus Johnson","orcid":"https://orcid.org/0000-0002-3293-1681"},"institutions":[{"id":"https://openalex.org/I86987016","display_name":"KTH Royal Institute of Technology","ror":"https://ror.org/026vcq606","country_code":"SE","type":"education","lineage":["https://openalex.org/I86987016"]}],"countries":["SE"],"is_corresponding":false,"raw_author_name":"Pontus Johnson","raw_affiliation_strings":["KTH Royal Institute of Technology, Stockholm, Sweden","KTH Royal Institute of Technology,, Stockholm, Sweden"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"KTH Royal Institute of Technology, Stockholm, Sweden","institution_ids":["https://openalex.org/I86987016"]},{"raw_affiliation_string":"KTH Royal Institute of Technology,, Stockholm, Sweden","institution_ids":["https://openalex.org/I86987016"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5038692098","display_name":"Robert Lagerstr\u00f6m","orcid":"https://orcid.org/0000-0003-3089-3885"},"institutions":[{"id":"https://openalex.org/I86987016","display_name":"KTH Royal Institute of Technology","ror":"https://ror.org/026vcq606","country_code":"SE","type":"education","lineage":["https://openalex.org/I86987016"]}],"countries":["SE"],"is_corresponding":false,"raw_author_name":"Robert Lagerstrom","raw_affiliation_strings":["KTH Royal Institute of Technology, Stockholm, Sweden","KTH Royal Institute of Technology,, Stockholm, Sweden"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"KTH Royal Institute of Technology, Stockholm, Sweden","institution_ids":["https://openalex.org/I86987016"]},{"raw_affiliation_string":"KTH Royal Institute of Technology,, Stockholm, Sweden","institution_ids":["https://openalex.org/I86987016"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5102842661","display_name":"Mathias Ekstedt","orcid":"https://orcid.org/0000-0003-3922-9606"},"institutions":[{"id":"https://openalex.org/I86987016","display_name":"KTH Royal Institute of Technology","ror":"https://ror.org/026vcq606","country_code":"SE","type":"education","lineage":["https://openalex.org/I86987016"]}],"countries":["SE"],"is_corresponding":false,"raw_author_name":"Mathias Ekstedt","raw_affiliation_strings":["KTH Royal Institute of Technology, Stockholm, Sweden","KTH Royal Institute of Technology,, Stockholm, Sweden"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"KTH Royal Institute of Technology, Stockholm, Sweden","institution_ids":["https://openalex.org/I86987016"]},{"raw_affiliation_string":"KTH Royal Institute of Technology,, Stockholm, Sweden","institution_ids":["https://openalex.org/I86987016"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5037374855","display_name":"Ulrik Franke","orcid":"https://orcid.org/0000-0003-2017-7914"},"institutions":[{"id":"https://openalex.org/I2800780207","display_name":"Swedish Institute","ror":"https://ror.org/022w3f533","country_code":"SE","type":"government","lineage":["https://openalex.org/I2800780207"]}],"countries":["SE"],"is_corresponding":false,"raw_author_name":"Ulrik Franke","raw_affiliation_strings":["Swedish Institute of Computer Science, Kista, Sweden","Swedish Institute Of Computer Science, Kista, Sweden#TAB#"],"raw_orcid":"https://orcid.org/0000-0003-2017-7914","affiliations":[{"raw_affiliation_string":"Swedish Institute of Computer Science, Kista, Sweden","institution_ids":["https://openalex.org/I2800780207"]},{"raw_affiliation_string":"Swedish Institute Of Computer Science, Kista, Sweden#TAB#","institution_ids":["https://openalex.org/I2800780207"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":8.2843,"has_fulltext":false,"cited_by_count":104,"citation_normalized_percentile":{"value":0.97505565,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":100},"biblio":{"volume":"15","issue":"6","first_page":"1002","last_page":"1015"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9991000294685364,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9991000294685364,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12423","display_name":"Software Reliability and Analysis Research","score":0.998199999332428,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9973000288009644,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8214551210403442},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.7074309587478638},{"id":"https://openalex.org/keywords/credibility","display_name":"Credibility","score":0.5526453256607056},{"id":"https://openalex.org/keywords/bayesian-probability","display_name":"Bayesian probability","score":0.4870746433734894},{"id":"https://openalex.org/keywords/ground-truth","display_name":"Ground truth","score":0.4798431098461151},{"id":"https://openalex.org/keywords/bayesian-network","display_name":"Bayesian network","score":0.4605293869972229},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.45409294962882996},{"id":"https://openalex.org/keywords/vulnerability-assessment","display_name":"Vulnerability assessment","score":0.43087124824523926},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.4208778142929077},{"id":"https://openalex.org/keywords/dimension","display_name":"Dimension (graph theory)","score":0.41372719407081604},{"id":"https://openalex.org/keywords/relevance","display_name":"Relevance (law)","score":0.41164177656173706},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.27072566747665405},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.2603345513343811}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8214551210403442},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.7074309587478638},{"id":"https://openalex.org/C2780224610","wikidata":"https://www.wikidata.org/wiki/Q1530061","display_name":"Credibility","level":2,"score":0.5526453256607056},{"id":"https://openalex.org/C107673813","wikidata":"https://www.wikidata.org/wiki/Q812534","display_name":"Bayesian probability","level":2,"score":0.4870746433734894},{"id":"https://openalex.org/C146849305","wikidata":"https://www.wikidata.org/wiki/Q370766","display_name":"Ground truth","level":2,"score":0.4798431098461151},{"id":"https://openalex.org/C33724603","wikidata":"https://www.wikidata.org/wiki/Q812540","display_name":"Bayesian network","level":2,"score":0.4605293869972229},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.45409294962882996},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.43087124824523926},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.4208778142929077},{"id":"https://openalex.org/C33676613","wikidata":"https://www.wikidata.org/wiki/Q13415176","display_name":"Dimension (graph theory)","level":2,"score":0.41372719407081604},{"id":"https://openalex.org/C158154518","wikidata":"https://www.wikidata.org/wiki/Q7310970","display_name":"Relevance (law)","level":2,"score":0.41164177656173706},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.27072566747665405},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.2603345513343811},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0},{"id":"https://openalex.org/C202444582","wikidata":"https://www.wikidata.org/wiki/Q837863","display_name":"Pure mathematics","level":1,"score":0.0},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.0},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.0},{"id":"https://openalex.org/C15744967","wikidata":"https://www.wikidata.org/wiki/Q9418","display_name":"Psychology","level":0,"score":0.0},{"id":"https://openalex.org/C542102704","wikidata":"https://www.wikidata.org/wiki/Q183257","display_name":"Psychotherapist","level":1,"score":0.0},{"id":"https://openalex.org/C137176749","wikidata":"https://www.wikidata.org/wiki/Q4105337","display_name":"Psychological resilience","level":2,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tdsc.2016.2644614","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tdsc.2016.2644614","pdf_url":null,"source":{"id":"https://openalex.org/S133795288","display_name":"IEEE Transactions on Dependable and Secure Computing","issn_l":"1545-5971","issn":["1545-5971","1941-0018","2160-9209"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Dependable and Secure Computing","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.6299999952316284,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"},{"score":0.41999998688697815,"id":"https://metadata.un.org/sdg/10","display_name":"Reduced inequalities"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":22,"referenced_works":["https://openalex.org/W110007310","https://openalex.org/W384698140","https://openalex.org/W1971733255","https://openalex.org/W1973375765","https://openalex.org/W1985324839","https://openalex.org/W1991741227","https://openalex.org/W2037027324","https://openalex.org/W2054514875","https://openalex.org/W2108246235","https://openalex.org/W2110401754","https://openalex.org/W2120819559","https://openalex.org/W2143707047","https://openalex.org/W2162142914","https://openalex.org/W2207457333","https://openalex.org/W2489389092","https://openalex.org/W2917309827","https://openalex.org/W4232383088","https://openalex.org/W4251644969","https://openalex.org/W4292199333","https://openalex.org/W4399570610","https://openalex.org/W6678107894","https://openalex.org/W6869588011"],"related_works":["https://openalex.org/W1883246888","https://openalex.org/W2370114625","https://openalex.org/W2947584067","https://openalex.org/W2062873522","https://openalex.org/W3118510577","https://openalex.org/W3157230915","https://openalex.org/W1756374135","https://openalex.org/W4390540899","https://openalex.org/W2789975780","https://openalex.org/W2007895524"],"abstract_inverted_index":{"The":[0,93,104],"Common":[1],"Vulnerability":[2],"Scoring":[3],"System":[4],"(CVSS)":[5],"is":[6,51,74,78,90,125,130],"the":[7,30,33,55,61,65,69,82,88,126,131,134],"state-of-the":[8],"art":[9],"system":[10],"for":[11,20,110],"assessing":[12],"software":[13],"vulnerabilities.":[14],"However,":[15],"it":[16],"has":[17],"been":[18],"criticized":[19],"lack":[21],"of":[22,32,64,84,107,133],"validity":[23],"and":[24,45,128],"practitioner":[25],"relevance.":[26],"In":[27],"this":[28,122],"paper,":[29],"credibility":[31],"CVSS":[34,89],"scoring":[35],"data":[36],"found":[37,116],"in":[38],"five":[39],"leading":[40],"databases-NVD,":[41],"X-Force,":[42],"OSVDB,":[43],"CERT-VN,":[44],"Cisco-is":[46],"assessed.":[47],"A":[48],"Bayesian":[49],"method":[50],"used":[52],"to":[53],"infer":[54],"most":[56],"probable":[57],"true":[58],"values":[59],"underlying":[60],"imperfect":[62],"assessments":[63],"databases,":[66],"thus":[67],"circumventing":[68],"problem":[70],"that":[71,80],"ground":[72],"truth":[73],"not":[75],"known.":[76],"It":[77],"concluded":[79],"with":[81],"exception":[83],"a":[85,111],"few":[86],"dimensions,":[87],"quite":[91],"trustworthy.":[92],"databases":[94],"are":[95,100],"relatively":[96],"consistent,":[97],"but":[98],"some":[99],"better":[101],"than":[102],"others.":[103],"expected":[105],"accuracy":[106],"each":[108],"database":[109],"given":[112],"dimension":[113],"can":[114],"be":[115],"by":[117],"marginalizing":[118],"confusion":[119],"matrices.":[120],"By":[121],"measure,":[123],"NVD":[124],"best":[127],"OSVDB":[129],"worst":[132],"assessed":[135],"databases.":[136]},"counts_by_year":[{"year":2026,"cited_by_count":3},{"year":2025,"cited_by_count":12},{"year":2024,"cited_by_count":14},{"year":2023,"cited_by_count":15},{"year":2022,"cited_by_count":19},{"year":2021,"cited_by_count":17},{"year":2020,"cited_by_count":12},{"year":2019,"cited_by_count":7},{"year":2018,"cited_by_count":4},{"year":2017,"cited_by_count":1}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}