{"id":"https://openalex.org/W4412709569","doi":"https://doi.org/10.1145/3718081","title":"Stop Using Vulnerability Counts to Measure Software Security","display_name":"Stop Using Vulnerability Counts to Measure Software Security","publication_year":2025,"publication_date":"2025-07-29","ids":{"openalex":"https://openalex.org/W4412709569","doi":"https://doi.org/10.1145/3718081"},"language":"en","primary_location":{"id":"doi:10.1145/3718081","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3718081","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3718081","source":{"id":"https://openalex.org/S103482838","display_name":"Communications of the ACM","issn_l":"0001-0782","issn":["0001-0782","1557-7317"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Communications of the ACM","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"bronze","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3718081","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5073112840","display_name":"Andrew Meneely","orcid":"https://orcid.org/0000-0002-4850-1408"},"institutions":[{"id":"https://openalex.org/I155173764","display_name":"Rochester Institute of Technology","ror":"https://ror.org/00v4yb702","country_code":"US","type":"education","lineage":["https://openalex.org/I155173764"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Andy Meneely","raw_affiliation_strings":["Rochester Institute of Technology, Rochester, New York, United States"],"affiliations":[{"raw_affiliation_string":"Rochester Institute of Technology, Rochester, New York, United States","institution_ids":["https://openalex.org/I155173764"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5030147937","display_name":"Brandon N. Keller","orcid":"https://orcid.org/0000-0002-4271-9318"},"institutions":[{"id":"https://openalex.org/I155173764","display_name":"Rochester Institute of Technology","ror":"https://ror.org/00v4yb702","country_code":"US","type":"education","lineage":["https://openalex.org/I155173764"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Brandon Keller","raw_affiliation_strings":["Rochester Institute of Technology, Rochester, New York, United States"],"affiliations":[{"raw_affiliation_string":"Rochester Institute of Technology, Rochester, New York, United States","institution_ids":["https://openalex.org/I155173764"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5073112840"],"corresponding_institution_ids":["https://openalex.org/I155173764"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":true,"cited_by_count":0,"citation_normalized_percentile":{"value":0.30723365,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"68","issue":"9","first_page":"34","last_page":"36"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9488000273704529,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9488000273704529,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12423","display_name":"Software Reliability and Analysis Research","score":0.9478999972343445,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/measure","display_name":"Measure (data warehouse)","score":0.7001561522483826},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6972213387489319},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.6508105993270874},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.5342710614204407},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5167295336723328},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.44715026021003723},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.24943742156028748},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.17131301760673523},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.16654005646705627},{"id":"https://openalex.org/keywords/security-service","display_name":"Security service","score":0.09046420454978943}],"concepts":[{"id":"https://openalex.org/C2780009758","wikidata":"https://www.wikidata.org/wiki/Q6804172","display_name":"Measure (data warehouse)","level":2,"score":0.7001561522483826},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6972213387489319},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.6508105993270874},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.5342710614204407},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5167295336723328},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.44715026021003723},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.24943742156028748},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.17131301760673523},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.16654005646705627},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.09046420454978943}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3718081","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3718081","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3718081","source":{"id":"https://openalex.org/S103482838","display_name":"Communications of the ACM","issn_l":"0001-0782","issn":["0001-0782","1557-7317"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Communications of the ACM","raw_type":"journal-article"}],"best_oa_location":{"id":"doi:10.1145/3718081","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3718081","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3718081","source":{"id":"https://openalex.org/S103482838","display_name":"Communications of the ACM","issn_l":"0001-0782","issn":["0001-0782","1557-7317"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Communications of the ACM","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G2088319273","display_name":null,"funder_award_id":"2336252","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4412709569.pdf","grobid_xml":"https://content.openalex.org/works/W4412709569.grobid-xml"},"referenced_works_count":0,"referenced_works":[],"related_works":["https://openalex.org/W4255837520","https://openalex.org/W2387011115","https://openalex.org/W4234808182","https://openalex.org/W2382043075","https://openalex.org/W2809151339","https://openalex.org/W2360673138","https://openalex.org/W2809370583","https://openalex.org/W2333722679","https://openalex.org/W4255628145","https://openalex.org/W2093320919"],"abstract_inverted_index":{"Shifting":[0],"focus":[1],"from":[2],"assessing":[3],"volume":[4],"to":[5],"effectiveness.":[6]},"counts_by_year":[],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}