{"id":"https://openalex.org/W2149764216","doi":"https://doi.org/10.1145/1920261.1920299","title":"Familiarity breeds contempt","display_name":"Familiarity breeds contempt","publication_year":2010,"publication_date":"2010-12-06","ids":{"openalex":"https://openalex.org/W2149764216","doi":"https://doi.org/10.1145/1920261.1920299","mag":"2149764216"},"language":"en","primary_location":{"id":"doi:10.1145/1920261.1920299","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1920261.1920299","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 26th Annual Computer Security Applications Conference","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5053984675","display_name":"Sandy Clark","orcid":null},"institutions":[{"id":"https://openalex.org/I36788626","display_name":"California University of Pennsylvania","ror":"https://ror.org/01spssf70","country_code":"US","type":"education","lineage":["https://openalex.org/I36788626"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Sandy Clark","raw_affiliation_strings":["University of Pennsylvania"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Pennsylvania","institution_ids":["https://openalex.org/I36788626"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5111628653","display_name":"Stefan Frei","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Stefan Frei","raw_affiliation_strings":["Secunia"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Secunia","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5017589378","display_name":"Matt Blaze","orcid":null},"institutions":[{"id":"https://openalex.org/I36788626","display_name":"California University of Pennsylvania","ror":"https://ror.org/01spssf70","country_code":"US","type":"education","lineage":["https://openalex.org/I36788626"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Matt Blaze","raw_affiliation_strings":["University of Pennsylvania"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Pennsylvania","institution_ids":["https://openalex.org/I36788626"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5102006686","display_name":"Jonathan Smith","orcid":"https://orcid.org/0000-0002-1684-1344"},"institutions":[{"id":"https://openalex.org/I36788626","display_name":"California University of Pennsylvania","ror":"https://ror.org/01spssf70","country_code":"US","type":"education","lineage":["https://openalex.org/I36788626"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Jonathan Smith","raw_affiliation_strings":["University of Pennsylvania"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Pennsylvania","institution_ids":["https://openalex.org/I36788626"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":5.8992,"has_fulltext":false,"cited_by_count":55,"citation_normalized_percentile":{"value":0.963345,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":94,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"251","last_page":"260"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12423","display_name":"Software Reliability and Analysis Research","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12423","display_name":"Software Reliability and Analysis Research","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9983000159263611,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9952999949455261,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/vulnerability-management","display_name":"Vulnerability management","score":0.6420031785964966},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6134366989135742},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.5969327688217163},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.4875020682811737},{"id":"https://openalex.org/keywords/software-quality","display_name":"Software quality","score":0.45615354180336},{"id":"https://openalex.org/keywords/backporting","display_name":"Backporting","score":0.451621949672699},{"id":"https://openalex.org/keywords/software-development","display_name":"Software development","score":0.44189244508743286},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.42992669343948364},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.40985730290412903},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.3899160325527191},{"id":"https://openalex.org/keywords/software-construction","display_name":"Software construction","score":0.33736473321914673},{"id":"https://openalex.org/keywords/vulnerability-assessment","display_name":"Vulnerability assessment","score":0.25663235783576965},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.18317675590515137},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.12975218892097473},{"id":"https://openalex.org/keywords/psychology","display_name":"Psychology","score":0.06495437026023865}],"concepts":[{"id":"https://openalex.org/C172776598","wikidata":"https://www.wikidata.org/wiki/Q7943570","display_name":"Vulnerability management","level":4,"score":0.6420031785964966},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6134366989135742},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.5969327688217163},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.4875020682811737},{"id":"https://openalex.org/C117447612","wikidata":"https://www.wikidata.org/wiki/Q1412670","display_name":"Software quality","level":4,"score":0.45615354180336},{"id":"https://openalex.org/C21491501","wikidata":"https://www.wikidata.org/wiki/Q430253","display_name":"Backporting","level":5,"score":0.451621949672699},{"id":"https://openalex.org/C529173508","wikidata":"https://www.wikidata.org/wiki/Q638608","display_name":"Software development","level":3,"score":0.44189244508743286},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.42992669343948364},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.40985730290412903},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.3899160325527191},{"id":"https://openalex.org/C186846655","wikidata":"https://www.wikidata.org/wiki/Q3398377","display_name":"Software construction","level":4,"score":0.33736473321914673},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.25663235783576965},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.18317675590515137},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.12975218892097473},{"id":"https://openalex.org/C15744967","wikidata":"https://www.wikidata.org/wiki/Q9418","display_name":"Psychology","level":0,"score":0.06495437026023865},{"id":"https://openalex.org/C137176749","wikidata":"https://www.wikidata.org/wiki/Q4105337","display_name":"Psychological resilience","level":2,"score":0.0},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.0},{"id":"https://openalex.org/C542102704","wikidata":"https://www.wikidata.org/wiki/Q183257","display_name":"Psychotherapist","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/1920261.1920299","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1920261.1920299","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 26th Annual Computer Security Applications Conference","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Responsible consumption and production","id":"https://metadata.un.org/sdg/12","score":0.5600000023841858}],"awards":[{"id":"https://openalex.org/G1705557388","display_name":null,"funder_award_id":"CCD-0810947CNS-0905434","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G4930731088","display_name":null,"funder_award_id":"CCD-0810947CNS-0905434","funder_id":"https://openalex.org/F4320337388","funder_display_name":"Division of Computer and Network Systems"},{"id":"https://openalex.org/G5510063518","display_name":null,"funder_award_id":"N00014-07-1-907N00014-09-1-0770","funder_id":"https://openalex.org/F4320337345","funder_display_name":"Office of Naval Research"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"},{"id":"https://openalex.org/F4320337345","display_name":"Office of Naval Research","ror":"https://ror.org/00rk2pe57"},{"id":"https://openalex.org/F4320337388","display_name":"Division of Computer and Network Systems","ror":"https://ror.org/02rdzmk74"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":22,"referenced_works":["https://openalex.org/W14626830","https://openalex.org/W122154057","https://openalex.org/W172316423","https://openalex.org/W315697163","https://openalex.org/W1554758995","https://openalex.org/W1580060001","https://openalex.org/W1964508730","https://openalex.org/W1966017250","https://openalex.org/W1975465363","https://openalex.org/W1979820341","https://openalex.org/W1980595883","https://openalex.org/W1982950099","https://openalex.org/W2008626182","https://openalex.org/W2117210791","https://openalex.org/W2119055825","https://openalex.org/W2123586642","https://openalex.org/W2126055257","https://openalex.org/W2126762719","https://openalex.org/W2146878883","https://openalex.org/W2396161363","https://openalex.org/W2914982603","https://openalex.org/W2983995785"],"related_works":["https://openalex.org/W3043810321","https://openalex.org/W2383958993","https://openalex.org/W2123075981","https://openalex.org/W101576598","https://openalex.org/W2504378244","https://openalex.org/W2796094063","https://openalex.org/W2537414278","https://openalex.org/W2509785410","https://openalex.org/W1528342233","https://openalex.org/W2075698583"],"abstract_inverted_index":{"Work":[0],"on":[1,9,71],"security":[2],"vulnerabilities":[3,28,156,225],"in":[4,12,46,124,147],"software":[5,14,20,26,48,83,118,136,155,161,175,232],"has":[6,228],"primarily":[7,191],"focused":[8],"three":[10],"points":[11],"the":[13,35,47,53,61,64,72,77,97,117,125,142,148,165,168,171,181,184,197,216,222],"life-cycle:":[15],"(1)":[16],"finding":[17],"and":[18,32,104,109,179,221,235],"removing":[19],"defects,":[21],"(2)":[22],"patching":[23],"or":[24],"hardening":[25],"after":[27,170],"have":[29,157],"been":[30],"discovered,":[31],"(3)":[33],"measuring":[34],"rate":[36,126,217],"of":[37,56,63,82,91,96,127,151,167,173,183,194,218,224],"vulnerability":[38,49,84,128,186,219],"exploitation.":[39],"This":[40,138],"paper":[41],"examines":[42],"an":[43],"earlier":[44],"period":[45,169],"life-cycle,":[50],"starting":[51],"from":[52,74,160,207],"release":[54,75,172],"date":[55],"a":[57,68,89,120,152,174,192,211],"version":[58],"through":[59],"to":[60,88,116,141,214],"disclosure":[62],"fourth":[65],"vulnerability,":[66],"with":[67,196],"particular":[69],"focus":[70],"time":[73],"until":[76],"very":[78],"first":[79,149,185],"disclosed":[80],"vulnerability.Analysis":[81],"data,":[85],"including":[86],"up":[87],"decade":[90],"data":[92],"for":[93,231],"several":[94],"versions":[95],"most":[98],"popular":[99],"operating":[100],"systems,":[101],"server":[102],"applications":[103,106],"user":[105],"(both":[107],"open":[108],"closed":[110],"source),":[111],"shows":[112],"that":[113,144,164,203],"properties":[114,133,159],"extrinsic":[115],"play":[119],"much":[121],"greater":[122],"role":[123],"discovery":[129,182,220],"than":[130],"do":[131],"intrinsic":[132],"such":[134],"as":[135],"quality.":[137],"leads":[139],"us":[140],"observation":[143],"(at":[145],"least":[146],"phase":[150],"product's":[153],"existence),":[154],"different":[158],"defects.We":[162],"show":[163],"length":[166],"product":[176],"(or":[177],"version)":[178],"before":[180],"(the":[187],"'Honeymoon'":[188],"period)":[189],"is":[190,210],"function":[193],"familiarity":[195],"system.":[198],"In":[199],"addition,":[200],"we":[201],"demonstrate":[202],"legacy":[204],"code":[205,208],"resulting":[206],"re-use":[209],"major":[212],"contributor":[213],"both":[215],"numbers":[223],"found;":[226],"this":[227],"significant":[229],"implications":[230],"engineering":[233],"principles":[234],"practice.":[236]},"counts_by_year":[{"year":2024,"cited_by_count":3},{"year":2022,"cited_by_count":3},{"year":2021,"cited_by_count":2},{"year":2020,"cited_by_count":6},{"year":2019,"cited_by_count":3},{"year":2018,"cited_by_count":3},{"year":2017,"cited_by_count":4},{"year":2016,"cited_by_count":7},{"year":2015,"cited_by_count":2},{"year":2014,"cited_by_count":8},{"year":2013,"cited_by_count":6},{"year":2012,"cited_by_count":7}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}