{"id":"https://openalex.org/W2793427727","doi":"https://doi.org/10.1145/3176258.3176340","title":"Identifying Relevant Information Cues for Vulnerability Assessment Using CVSS","display_name":"Identifying Relevant Information Cues for Vulnerability Assessment Using CVSS","publication_year":2018,"publication_date":"2018-03-13","ids":{"openalex":"https://openalex.org/W2793427727","doi":"https://doi.org/10.1145/3176258.3176340","mag":"2793427727"},"language":"en","primary_location":{"id":"doi:10.1145/3176258.3176340","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3176258.3176340","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy","raw_type":"proceedings-article"},"type":"preprint","indexed_in":["arxiv","crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://arxiv.org/pdf/1803.07648","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5047635330","display_name":"Luca Allodi","orcid":"https://orcid.org/0000-0003-1600-0868"},"institutions":[{"id":"https://openalex.org/I83019370","display_name":"Eindhoven University of Technology","ror":"https://ror.org/02c2kyt77","country_code":"NL","type":"education","lineage":["https://openalex.org/I83019370"]}],"countries":["NL"],"is_corresponding":true,"raw_author_name":"Luca Allodi","raw_affiliation_strings":["Eindhoven University of Technology, Eindhoven, Netherlands"],"affiliations":[{"raw_affiliation_string":"Eindhoven University of Technology, Eindhoven, Netherlands","institution_ids":["https://openalex.org/I83019370"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5010742852","display_name":"Sebastian B\u0103nescu","orcid":"https://orcid.org/0000-0003-0771-4826"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Sebastian Banescu","raw_affiliation_strings":["Munich Technical University, Munich, Germany"],"affiliations":[{"raw_affiliation_string":"Munich Technical University, Munich, Germany","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5020139180","display_name":"Henning Femmer","orcid":"https://orcid.org/0000-0002-6059-4635"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Henning Femmer","raw_affiliation_strings":["Munich Technical University, Munich, Germany"],"affiliations":[{"raw_affiliation_string":"Munich Technical University, Munich, Germany","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5024651104","display_name":"Kristian Beckers","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Kristian Beckers","raw_affiliation_strings":["Social Engineering Academy (SEA) GmbH, Frankfurt am Main, Germany"],"affiliations":[{"raw_affiliation_string":"Social Engineering Academy (SEA) GmbH, Frankfurt am Main, Germany","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5047635330"],"corresponding_institution_ids":["https://openalex.org/I83019370"],"apc_list":null,"apc_paid":null,"fwci":6.69738785,"has_fulltext":false,"cited_by_count":30,"citation_normalized_percentile":{"value":0.96399679,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":91,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"119","last_page":"126"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12423","display_name":"Software Reliability and Analysis Research","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.9023154377937317},{"id":"https://openalex.org/keywords/vulnerability-assessment","display_name":"Vulnerability assessment","score":0.7443339824676514},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7357545495033264},{"id":"https://openalex.org/keywords/baseline","display_name":"Baseline (sea)","score":0.5250372886657715},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.5205515623092651},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.43066126108169556},{"id":"https://openalex.org/keywords/block","display_name":"Block (permutation group theory)","score":0.41743290424346924},{"id":"https://openalex.org/keywords/quantitative-assessment","display_name":"Quantitative assessment","score":0.41594475507736206},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.3768959045410156},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.32411548495292664},{"id":"https://openalex.org/keywords/information-retrieval","display_name":"Information retrieval","score":0.3226858377456665},{"id":"https://openalex.org/keywords/statistics","display_name":"Statistics","score":0.15016278624534607},{"id":"https://openalex.org/keywords/mathematics","display_name":"Mathematics","score":0.11039984226226807},{"id":"https://openalex.org/keywords/psychology","display_name":"Psychology","score":0.08416202664375305}],"concepts":[{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.9023154377937317},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.7443339824676514},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7357545495033264},{"id":"https://openalex.org/C12725497","wikidata":"https://www.wikidata.org/wiki/Q810247","display_name":"Baseline (sea)","level":2,"score":0.5250372886657715},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.5205515623092651},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.43066126108169556},{"id":"https://openalex.org/C2777210771","wikidata":"https://www.wikidata.org/wiki/Q4927124","display_name":"Block (permutation group theory)","level":2,"score":0.41743290424346924},{"id":"https://openalex.org/C2984588014","wikidata":"https://www.wikidata.org/wiki/Q730675","display_name":"Quantitative assessment","level":2,"score":0.41594475507736206},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3768959045410156},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.32411548495292664},{"id":"https://openalex.org/C23123220","wikidata":"https://www.wikidata.org/wiki/Q816826","display_name":"Information retrieval","level":1,"score":0.3226858377456665},{"id":"https://openalex.org/C105795698","wikidata":"https://www.wikidata.org/wiki/Q12483","display_name":"Statistics","level":1,"score":0.15016278624534607},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.11039984226226807},{"id":"https://openalex.org/C15744967","wikidata":"https://www.wikidata.org/wiki/Q9418","display_name":"Psychology","level":0,"score":0.08416202664375305},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0},{"id":"https://openalex.org/C542102704","wikidata":"https://www.wikidata.org/wiki/Q183257","display_name":"Psychotherapist","level":1,"score":0.0},{"id":"https://openalex.org/C111368507","wikidata":"https://www.wikidata.org/wiki/Q43518","display_name":"Oceanography","level":1,"score":0.0},{"id":"https://openalex.org/C137176749","wikidata":"https://www.wikidata.org/wiki/Q4105337","display_name":"Psychological resilience","level":2,"score":0.0},{"id":"https://openalex.org/C127313418","wikidata":"https://www.wikidata.org/wiki/Q1069","display_name":"Geology","level":0,"score":0.0},{"id":"https://openalex.org/C2524010","wikidata":"https://www.wikidata.org/wiki/Q8087","display_name":"Geometry","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3176258.3176340","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3176258.3176340","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy","raw_type":"proceedings-article"},{"id":"pmh:oai:arXiv.org:1803.07648","is_oa":true,"landing_page_url":"http://arxiv.org/abs/1803.07648","pdf_url":"https://arxiv.org/pdf/1803.07648","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"}],"best_oa_location":{"id":"pmh:oai:arXiv.org:1803.07648","is_oa":true,"landing_page_url":"http://arxiv.org/abs/1803.07648","pdf_url":"https://arxiv.org/pdf/1803.07648","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions","score":0.6899999976158142}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":31,"referenced_works":["https://openalex.org/W32063464","https://openalex.org/W150078352","https://openalex.org/W384698140","https://openalex.org/W1582247085","https://openalex.org/W1958483554","https://openalex.org/W1964986774","https://openalex.org/W1973375765","https://openalex.org/W1982428762","https://openalex.org/W1998029707","https://openalex.org/W2001822577","https://openalex.org/W2030126945","https://openalex.org/W2043837581","https://openalex.org/W2044625105","https://openalex.org/W2052224842","https://openalex.org/W2067148378","https://openalex.org/W2110401754","https://openalex.org/W2126762719","https://openalex.org/W2129083809","https://openalex.org/W2133247286","https://openalex.org/W2160517961","https://openalex.org/W2164577291","https://openalex.org/W2291920259","https://openalex.org/W2361575844","https://openalex.org/W2369295637","https://openalex.org/W2380271241","https://openalex.org/W2400586709","https://openalex.org/W2522868061","https://openalex.org/W2735150897","https://openalex.org/W3124584635","https://openalex.org/W4235786516","https://openalex.org/W4242704521"],"related_works":["https://openalex.org/W1883246888","https://openalex.org/W2370114625","https://openalex.org/W1756374135","https://openalex.org/W2947584067","https://openalex.org/W3118510577","https://openalex.org/W2280562859","https://openalex.org/W230721595","https://openalex.org/W3157230915","https://openalex.org/W1496728123","https://openalex.org/W2062873522"],"abstract_inverted_index":{"The":[0,24],"assessment":[1,48,69,148],"of":[2,108,135,163],"new":[3],"vulnerabilities":[4],"is":[5,30],"an":[6,114],"activity":[7],"that":[8,96,121],"accounts":[9],"for":[10,21,34,169],"information":[11,64,85,92,110,123,139],"from":[12],"several":[13],"data":[14],"sources":[15,104],"and":[16,49,86,127,146,150],"produces":[17],"a":[18,46,73],"`severity'":[19],"score":[20],"the":[22,31,109,133,136,144,161,165],"vulnerability.":[23],"Common":[25],"Vulnerability":[26],"Scoring":[27],"System":[28],"(\\CVSS)":[29],"reference":[32],"standard":[33,102],"this":[35,55,59],"assessment.":[36,117],"Yet,":[37],"no":[38],"guidance":[39],"currently":[40],"exists":[41],"on":[42,124,140],"\\emph{which":[43],"information}":[44],"aids":[45],"correct":[47],"should":[50,151],"therefore":[51],"be":[52,152],"considered.":[53],"In":[54],"paper":[56],"we":[57,119],"address":[58],"problem":[60],"by":[61,101],"evaluating":[62],"which":[63],"cues":[65],"increase":[66],"(or":[67],"decrease)":[68],"accuracy.":[70],"We":[71,94],"devise":[72],"block":[74],"design":[75],"experiment":[76],"with":[77,82],"67":[78],"software":[79],"engineering":[80],"students":[81],"varying":[83],"vulnerability":[84,98,103,116,166],"measure":[87],"scoring":[88],"accuracy":[89,134,149],"under":[90],"different":[91],"sets.":[93],"find":[95,120],"baseline":[97],"descriptions":[99],"provided":[100],"provide":[105],"only":[106],"part":[107],"needed":[111],"to":[112],"achieve":[113],"accurate":[115],"Further,":[118],"additional":[122],"\\texttt{assets},":[125],"\\texttt{attacks},":[126],"\\texttt{vulnerability":[128],"type}":[129],"contributes":[130],"in":[131,160],"increasing":[132],"assessment;":[137],"conversely,":[138],"\\texttt{known":[141],"threats}":[142],"misleads":[143],"assessor":[145],"decreases":[147],"avoided":[153],"when":[154],"assessing":[155],"vulnerabilities.":[156],"These":[157],"results":[158],"go":[159],"direction":[162],"formalizing":[164],"communication":[167],"to,":[168],"example,":[170],"fully":[171],"automate":[172],"security":[173],"assessments.":[174]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":6},{"year":2023,"cited_by_count":4},{"year":2022,"cited_by_count":4},{"year":2021,"cited_by_count":6},{"year":2020,"cited_by_count":4},{"year":2019,"cited_by_count":2},{"year":2018,"cited_by_count":3}],"updated_date":"2026-02-09T09:26:11.010843","created_date":"2025-10-10T00:00:00"}