{"id":"https://openalex.org/W4402704970","doi":"https://doi.org/10.1145/3688459.3688463","title":"From Chaos to Consistency: The Role of CSAF in Streamlining Security Advisories","display_name":"From Chaos to Consistency: The Role of CSAF in Streamlining Security Advisories","publication_year":2024,"publication_date":"2024-09-30","ids":{"openalex":"https://openalex.org/W4402704970","doi":"https://doi.org/10.1145/3688459.3688463"},"language":"en","primary_location":{"id":"doi:10.1145/3688459.3688463","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3688459.3688463","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2024 European Symposium on Usable Security","raw_type":"proceedings-article"},"type":"preprint","indexed_in":["arxiv","crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://arxiv.org/pdf/2408.14937","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5062028932","display_name":"Julia Wunder","orcid":"https://orcid.org/0009-0006-6545-7513"},"institutions":[{"id":"https://openalex.org/I181369854","display_name":"Friedrich-Alexander-Universit\u00e4t Erlangen-N\u00fcrnberg","ror":"https://ror.org/00f7hpc57","country_code":"DE","type":"education","lineage":["https://openalex.org/I181369854"]}],"countries":["DE"],"is_corresponding":true,"raw_author_name":"Julia Wunder","raw_affiliation_strings":["Friedrich-Alexander-Universit\u00e4t Erlangen-N\u00fcrnberg, Erlangen, Germany,"],"affiliations":[{"raw_affiliation_string":"Friedrich-Alexander-Universit\u00e4t Erlangen-N\u00fcrnberg, Erlangen, Germany,","institution_ids":["https://openalex.org/I181369854"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5111335394","display_name":"Janik Aurich","orcid":null},"institutions":[{"id":"https://openalex.org/I181369854","display_name":"Friedrich-Alexander-Universit\u00e4t Erlangen-N\u00fcrnberg","ror":"https://ror.org/00f7hpc57","country_code":"DE","type":"education","lineage":["https://openalex.org/I181369854"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Janik Aurich","raw_affiliation_strings":["Friedrich-Alexander-Universit\u00e4t Erlangen-N\u00fcrnberg, Erlangen, Germany,"],"affiliations":[{"raw_affiliation_string":"Friedrich-Alexander-Universit\u00e4t Erlangen-N\u00fcrnberg, Erlangen, Germany,","institution_ids":["https://openalex.org/I181369854"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5040519207","display_name":"Zinaida Benenson","orcid":"https://orcid.org/0009-0006-7158-0219"},"institutions":[{"id":"https://openalex.org/I181369854","display_name":"Friedrich-Alexander-Universit\u00e4t Erlangen-N\u00fcrnberg","ror":"https://ror.org/00f7hpc57","country_code":"DE","type":"education","lineage":["https://openalex.org/I181369854"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Zinaida Benenson","raw_affiliation_strings":["Friedrich-Alexander-Universit\u00e4t Erlangen-N\u00fcrnberg, Erlangen, Germany,"],"affiliations":[{"raw_affiliation_string":"Friedrich-Alexander-Universit\u00e4t Erlangen-N\u00fcrnberg, Erlangen, Germany,","institution_ids":["https://openalex.org/I181369854"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5062028932"],"corresponding_institution_ids":["https://openalex.org/I181369854"],"apc_list":null,"apc_paid":null,"fwci":0.6831,"has_fulltext":true,"cited_by_count":2,"citation_normalized_percentile":{"value":0.68349936,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":95,"max":96},"biblio":{"volume":null,"issue":null,"first_page":"187","last_page":"199"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9991999864578247,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9990000128746033,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/vendor","display_name":"Vendor","score":0.7429460287094116},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7388902902603149},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6492108106613159},{"id":"https://openalex.org/keywords/consistency","display_name":"Consistency (knowledge bases)","score":0.607781171798706},{"id":"https://openalex.org/keywords/automation","display_name":"Automation","score":0.5681624412536621},{"id":"https://openalex.org/keywords/asset","display_name":"Asset (computer security)","score":0.49810290336608887},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.49198290705680847},{"id":"https://openalex.org/keywords/security-through-obscurity","display_name":"Security through obscurity","score":0.4811795651912689},{"id":"https://openalex.org/keywords/information-security-standards","display_name":"Information security standards","score":0.46507617831230164},{"id":"https://openalex.org/keywords/state","display_name":"State (computer science)","score":0.4590117335319519},{"id":"https://openalex.org/keywords/security-information-and-event-management","display_name":"Security information and event management","score":0.43143564462661743},{"id":"https://openalex.org/keywords/data-science","display_name":"Data science","score":0.3917747139930725},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.37743088603019714},{"id":"https://openalex.org/keywords/security-service","display_name":"Security service","score":0.3681758642196655},{"id":"https://openalex.org/keywords/risk-analysis","display_name":"Risk analysis (engineering)","score":0.3461710214614868},{"id":"https://openalex.org/keywords/cloud-computing-security","display_name":"Cloud computing security","score":0.33067548274993896},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.15299800038337708},{"id":"https://openalex.org/keywords/cloud-computing","display_name":"Cloud computing","score":0.12418943643569946},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.1105118989944458},{"id":"https://openalex.org/keywords/network-security-policy","display_name":"Network security policy","score":0.09884384274482727}],"concepts":[{"id":"https://openalex.org/C2777338717","wikidata":"https://www.wikidata.org/wiki/Q1762621","display_name":"Vendor","level":2,"score":0.7429460287094116},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7388902902603149},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6492108106613159},{"id":"https://openalex.org/C2776436953","wikidata":"https://www.wikidata.org/wiki/Q5163215","display_name":"Consistency (knowledge bases)","level":2,"score":0.607781171798706},{"id":"https://openalex.org/C115901376","wikidata":"https://www.wikidata.org/wiki/Q184199","display_name":"Automation","level":2,"score":0.5681624412536621},{"id":"https://openalex.org/C76178495","wikidata":"https://www.wikidata.org/wiki/Q4808784","display_name":"Asset (computer security)","level":2,"score":0.49810290336608887},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.49198290705680847},{"id":"https://openalex.org/C114869243","wikidata":"https://www.wikidata.org/wiki/Q133735","display_name":"Security through obscurity","level":5,"score":0.4811795651912689},{"id":"https://openalex.org/C139547956","wikidata":"https://www.wikidata.org/wiki/Q6031202","display_name":"Information security standards","level":5,"score":0.46507617831230164},{"id":"https://openalex.org/C48103436","wikidata":"https://www.wikidata.org/wiki/Q599031","display_name":"State (computer science)","level":2,"score":0.4590117335319519},{"id":"https://openalex.org/C103377522","wikidata":"https://www.wikidata.org/wiki/Q3493999","display_name":"Security information and event management","level":4,"score":0.43143564462661743},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.3917747139930725},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.37743088603019714},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.3681758642196655},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.3461710214614868},{"id":"https://openalex.org/C184842701","wikidata":"https://www.wikidata.org/wiki/Q370563","display_name":"Cloud computing security","level":3,"score":0.33067548274993896},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.15299800038337708},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.12418943643569946},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.1105118989944458},{"id":"https://openalex.org/C117110713","wikidata":"https://www.wikidata.org/wiki/Q3394676","display_name":"Network security policy","level":4,"score":0.09884384274482727},{"id":"https://openalex.org/C11413529","wikidata":"https://www.wikidata.org/wiki/Q8366","display_name":"Algorithm","level":1,"score":0.0},{"id":"https://openalex.org/C162853370","wikidata":"https://www.wikidata.org/wiki/Q39809","display_name":"Marketing","level":1,"score":0.0},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0},{"id":"https://openalex.org/C71924100","wikidata":"https://www.wikidata.org/wiki/Q11190","display_name":"Medicine","level":0,"score":0.0},{"id":"https://openalex.org/C78519656","wikidata":"https://www.wikidata.org/wiki/Q101333","display_name":"Mechanical engineering","level":1,"score":0.0},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3688459.3688463","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3688459.3688463","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2024 European Symposium on Usable Security","raw_type":"proceedings-article"},{"id":"pmh:oai:arXiv.org:2408.14937","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2408.14937","pdf_url":"https://arxiv.org/pdf/2408.14937","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"}],"best_oa_location":{"id":"pmh:oai:arXiv.org:2408.14937","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2408.14937","pdf_url":"https://arxiv.org/pdf/2408.14937","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},"sustainable_development_goals":[{"display_name":"Reduced inequalities","id":"https://metadata.un.org/sdg/10","score":0.4399999976158142}],"awards":[{"id":"https://openalex.org/G2580651502","display_name":null,"funder_award_id":"16KIS1271K","funder_id":"https://openalex.org/F4320321114","funder_display_name":"Bundesministerium f\u00fcr Bildung und Forschung"}],"funders":[{"id":"https://openalex.org/F4320321114","display_name":"Bundesministerium f\u00fcr Bildung und Forschung","ror":"https://ror.org/04pz7b180"}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4402704970.pdf","grobid_xml":"https://content.openalex.org/works/W4402704970.grobid-xml"},"referenced_works_count":9,"referenced_works":["https://openalex.org/W2124035628","https://openalex.org/W2136589719","https://openalex.org/W2571173479","https://openalex.org/W3012761238","https://openalex.org/W3017863658","https://openalex.org/W3049077356","https://openalex.org/W3121596715","https://openalex.org/W3163835525","https://openalex.org/W4255783720"],"related_works":["https://openalex.org/W2345270111","https://openalex.org/W2372674753","https://openalex.org/W3195904671","https://openalex.org/W293735344","https://openalex.org/W2745157681","https://openalex.org/W2165898552","https://openalex.org/W2362217043","https://openalex.org/W2555665621","https://openalex.org/W820134910","https://openalex.org/W2115730242"],"abstract_inverted_index":{"Security":[0,65],"advisories":[1,73,111],"have":[2],"become":[3],"an":[4,146],"important":[5],"part":[6],"of":[7,90,119,132,198,209,229],"vulnerability":[8],"management.":[9],"They":[10],"can":[11,102,159],"be":[12,161],"used":[13],"to":[14,58,70,81,86,125,164,173,194],"gather":[15],"and":[16,41,53,85,143,158,166,169,222],"distribute":[17],"valuable":[18],"information":[19],"about":[20],"vulnerabilities.":[21],"Although":[22,188],"there":[23],"is":[24,32,51,79,122,128,184,213],"a":[25,37,75,94,223],"predefined":[26],"broad":[27],"format":[28,77],"for":[29,55,220],"advisories,":[30,200],"it":[31,50,101],"not":[33,217],"really":[34],"standardized.":[35],"As":[36],"result,":[38],"their":[39,115],"content":[40],"form":[42],"vary":[43],"greatly":[44],"depending":[45],"on":[46],"the":[47,60,91,106,129,196,204,210],"vendor.":[48],"Thus,":[49],"cumbersome":[52],"resource-intensive":[54],"security":[56,72,110,141,199],"analysts":[57],"extract":[59],"relevant":[61],"information.":[62],"The":[63,152],"Common":[64],"Advisory":[66],"Format":[67],"(CSAF)":[68],"aims":[69],"bring":[71],"into":[74],"standardized":[76],"which":[78],"intended":[80],"solve":[82,174],"existing":[83],"problems":[84,156],"enable":[87],"automated":[88],"processing":[89,197],"advisories.":[92],"However,":[93,178],"new":[95],"standard":[96],"only":[97],"makes":[98],"sense":[99],"if":[100],"benefit":[103],"users.":[104],"Hence":[105],"questions":[107],"arise:":[108],"Do":[109],"cause":[112],"issues":[113,121],"in":[114],"current":[116,130],"state?":[117],"Which":[118],"these":[120,136,176],"CSAF":[123,171,183],"able":[124],"resolve?":[126],"What":[127],"state":[131],"automation?":[133],"To":[134],"investigate":[135],"questions,":[137],"we":[138],"interviewed":[139],"three":[140],"experts,":[142],"then":[144],"conducted":[145],"online":[147],"survey":[148],"with":[149],"197":[150],"participants.":[151],"results":[153,180],"show":[154,181],"that":[155,182,214],"exist":[157],"often":[160],"traced":[162],"back":[163],"confusing":[165],"inconsistent":[167],"structures":[168],"formats.":[170],"attempts":[172],"precisely":[175],"problems.":[177],"our":[179],"currently":[185],"rarely":[186],"used.":[187],"users":[189],"perceive":[190],"automation":[191,221],"as":[192],"necessary":[193],"improve":[195],"many":[201],"are":[202,216],"at":[203],"same":[205],"time":[206],"skeptical.":[207],"One":[208],"main":[211],"reasons":[212],"systems":[215],"yet":[218],"designed":[219],"migration":[224],"would":[225],"require":[226],"vast":[227],"amounts":[228],"resources.":[230]},"counts_by_year":[{"year":2025,"cited_by_count":2}],"updated_date":"2026-04-10T15:06:20.359241","created_date":"2025-10-10T00:00:00"}