{"id":"https://openalex.org/W2797904155","doi":"https://doi.org/10.1145/3190619.3191694","title":"How bad is it, really? an analysis of severity scores for vulnerabilities","display_name":"How bad is it, really? an analysis of severity scores for vulnerabilities","publication_year":2018,"publication_date":"2018-04-10","ids":{"openalex":"https://openalex.org/W2797904155","doi":"https://doi.org/10.1145/3190619.3191694","mag":"2797904155"},"language":"en","primary_location":{"id":"doi:10.1145/3190619.3191694","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3190619.3191694","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 5th Annual Symposium and Bootcamp on Hot Topics in the Science of Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5022487152","display_name":"Christopher Theisen","orcid":null},"institutions":[{"id":"https://openalex.org/I137902535","display_name":"North Carolina State University","ror":"https://ror.org/04tj63d06","country_code":"US","type":"education","lineage":["https://openalex.org/I137902535"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Christopher Theisen","raw_affiliation_strings":["North Carolina State University"],"affiliations":[{"raw_affiliation_string":"North Carolina State University","institution_ids":["https://openalex.org/I137902535"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5028171895","display_name":"Laurie Williams","orcid":"https://orcid.org/0000-0003-3300-6540"},"institutions":[{"id":"https://openalex.org/I137902535","display_name":"North Carolina State University","ror":"https://ror.org/04tj63d06","country_code":"US","type":"education","lineage":["https://openalex.org/I137902535"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Laurie Williams","raw_affiliation_strings":["North Carolina State University"],"affiliations":[{"raw_affiliation_string":"North Carolina State University","institution_ids":["https://openalex.org/I137902535"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5022487152"],"corresponding_institution_ids":["https://openalex.org/I137902535"],"apc_list":null,"apc_paid":null,"fwci":0.7854,"has_fulltext":false,"cited_by_count":2,"citation_normalized_percentile":{"value":0.79512362,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":94},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"1"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9988999962806702,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9988999962806702,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9988999962806702,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9983999729156494,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.8201912641525269},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7271599769592285},{"id":"https://openalex.org/keywords/secure-coding","display_name":"Secure coding","score":0.7094950675964355},{"id":"https://openalex.org/keywords/confidentiality","display_name":"Confidentiality","score":0.6165805459022522},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5895993709564209},{"id":"https://openalex.org/keywords/vulnerability-assessment","display_name":"Vulnerability assessment","score":0.5068402886390686},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.4943835735321045},{"id":"https://openalex.org/keywords/skew","display_name":"Skew","score":0.4546416997909546},{"id":"https://openalex.org/keywords/data-science","display_name":"Data science","score":0.3273712992668152},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.1930481195449829},{"id":"https://openalex.org/keywords/medicine","display_name":"Medicine","score":0.14326119422912598},{"id":"https://openalex.org/keywords/set","display_name":"Set (abstract data type)","score":0.0917377769947052},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.07134464383125305}],"concepts":[{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.8201912641525269},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7271599769592285},{"id":"https://openalex.org/C22680326","wikidata":"https://www.wikidata.org/wiki/Q7444867","display_name":"Secure coding","level":5,"score":0.7094950675964355},{"id":"https://openalex.org/C71745522","wikidata":"https://www.wikidata.org/wiki/Q2476929","display_name":"Confidentiality","level":2,"score":0.6165805459022522},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5895993709564209},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.5068402886390686},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.4943835735321045},{"id":"https://openalex.org/C43711488","wikidata":"https://www.wikidata.org/wiki/Q7534783","display_name":"Skew","level":2,"score":0.4546416997909546},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.3273712992668152},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.1930481195449829},{"id":"https://openalex.org/C71924100","wikidata":"https://www.wikidata.org/wiki/Q11190","display_name":"Medicine","level":0,"score":0.14326119422912598},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.0917377769947052},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.07134464383125305},{"id":"https://openalex.org/C76155785","wikidata":"https://www.wikidata.org/wiki/Q418","display_name":"Telecommunications","level":1,"score":0.0},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0},{"id":"https://openalex.org/C118552586","wikidata":"https://www.wikidata.org/wiki/Q7867","display_name":"Psychiatry","level":1,"score":0.0},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.0},{"id":"https://openalex.org/C27415008","wikidata":"https://www.wikidata.org/wiki/Q7256382","display_name":"Psychological intervention","level":2,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3190619.3191694","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3190619.3191694","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 5th Annual Symposium and Bootcamp on Hot Topics in the Science of Security","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":2,"referenced_works":["https://openalex.org/W2079753286","https://openalex.org/W2714550548"],"related_works":["https://openalex.org/W1883246888","https://openalex.org/W2370114625","https://openalex.org/W1756374135","https://openalex.org/W2947584067","https://openalex.org/W3118510577","https://openalex.org/W2280562859","https://openalex.org/W230721595","https://openalex.org/W3157230915","https://openalex.org/W1496728123","https://openalex.org/W2062873522"],"abstract_inverted_index":{"To":[0,17,41],"date,":[1],"vulnerability":[2],"research":[3],"has":[4],"focused":[5],"on":[6],"the":[7,20,29,62,70,98],"binary":[8,38],"classification":[9,39],"of":[10,31,72,100],"code":[11],"as":[12,105],"vulnerable":[13],"or":[14],"not":[15],"vulnerable.":[16],"better":[18],"understand":[19],"conditions":[21],"in":[22,34,102,107],"which":[23],"vulnerabilities":[24,33,50,80,85],"occur,":[25],"researchers":[26],"must":[27],"consider":[28],"severity":[30,59],"these":[32,73],"addition":[35],"to":[36],"a":[37,89],"system.":[40],"explore":[42,93],"this":[43],"issue,":[44],"we":[45],"mined":[46],"2,979":[47],"publicly":[48,78],"disclosed":[49],"from":[51,61],"Fedora":[52],"24":[53],"and":[54,68,110],"25.":[55],"We":[56,75,91],"then":[57,92],"found":[58,76],"scores":[60],"Common":[63],"Vulnerability":[64],"Scoring":[65],"System":[66],"(CVSS)":[67],"plotted":[69],"distribution":[71],"vulnerabilities.":[74],"that":[77],"scored":[79],"skew":[81],"high,":[82],"with":[83,97],"few":[84],"rated":[86],"lower":[87],"than":[88],"5.":[90],"other":[94],"potential":[95],"issues":[96],"use":[99],"CVSS":[101],"practice,":[103],"such":[104],"imbalances":[106],"Confidentiality,":[108],"Availability,":[109],"Integrity":[111],"scores.":[112]},"counts_by_year":[{"year":2019,"cited_by_count":1},{"year":2018,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}