{"id":"https://openalex.org/W2921533253","doi":"https://doi.org/10.5220/0007387704050411","title":"The Common Vulnerability Scoring System vs. Rock Star Vulnerabilities: Why the Discrepancy?","display_name":"The Common Vulnerability Scoring System vs. Rock Star Vulnerabilities: Why the Discrepancy?","publication_year":2019,"publication_date":"2019-01-01","ids":{"openalex":"https://openalex.org/W2921533253","doi":"https://doi.org/10.5220/0007387704050411","mag":"2921533253"},"language":"en","primary_location":{"id":"doi:10.5220/0007387704050411","is_oa":true,"landing_page_url":"https://doi.org/10.5220/0007387704050411","pdf_url":null,"source":null,"license":"cc-by-nc-nd","license_id":"https://openalex.org/licenses/cc-by-nc-nd","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 5th International Conference on Information Systems Security and Privacy","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://doi.org/10.5220/0007387704050411","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5066157537","display_name":"Doudou Fall","orcid":null},"institutions":[{"id":"https://openalex.org/I75917431","display_name":"Nara Institute of Science and Technology","ror":"https://ror.org/05bhada84","country_code":"JP","type":"education","lineage":["https://openalex.org/I75917431"]}],"countries":["JP"],"is_corresponding":true,"raw_author_name":"Doudou Fall","raw_affiliation_strings":["Laboratory for Cyber Resilience, Nara Institute of Science and Technology, 8916-5 Takayama-cho, Ikoma, Nara and Japan, --- Select a Country ---"],"affiliations":[{"raw_affiliation_string":"Laboratory for Cyber Resilience, Nara Institute of Science and Technology, 8916-5 Takayama-cho, Ikoma, Nara and Japan, --- Select a Country ---","institution_ids":["https://openalex.org/I75917431"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5084740320","display_name":"Youki Kadobayashi","orcid":null},"institutions":[{"id":"https://openalex.org/I75917431","display_name":"Nara Institute of Science and Technology","ror":"https://ror.org/05bhada84","country_code":"JP","type":"education","lineage":["https://openalex.org/I75917431"]}],"countries":["JP"],"is_corresponding":false,"raw_author_name":"Youki Kadobayashi","raw_affiliation_strings":["Laboratory for Cyber Resilience, Nara Institute of Science and Technology, 8916-5 Takayama-cho, Ikoma, Nara and Japan, --- Select a Country ---"],"affiliations":[{"raw_affiliation_string":"Laboratory for Cyber Resilience, Nara Institute of Science and Technology, 8916-5 Takayama-cho, Ikoma, Nara and Japan, --- Select a Country ---","institution_ids":["https://openalex.org/I75917431"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5066157537"],"corresponding_institution_ids":["https://openalex.org/I75917431"],"apc_list":null,"apc_paid":null,"fwci":2.0349,"has_fulltext":false,"cited_by_count":10,"citation_normalized_percentile":{"value":0.89441564,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"405","last_page":"411"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9952999949455261,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9952999949455261,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9606999754905701,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12519","display_name":"Cybercrime and Law Enforcement Studies","score":0.9039000272750854,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.6595332026481628},{"id":"https://openalex.org/keywords/notice","display_name":"Notice","score":0.6394891738891602},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6195757985115051},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.5882487297058105},{"id":"https://openalex.org/keywords/vulnerability-assessment","display_name":"Vulnerability assessment","score":0.5627092719078064},{"id":"https://openalex.org/keywords/star","display_name":"Star (game theory)","score":0.5334534645080566},{"id":"https://openalex.org/keywords/witness","display_name":"Witness","score":0.5319998860359192},{"id":"https://openalex.org/keywords/nothing","display_name":"Nothing","score":0.5004270076751709},{"id":"https://openalex.org/keywords/law","display_name":"Law","score":0.17747095227241516},{"id":"https://openalex.org/keywords/psychology","display_name":"Psychology","score":0.1742326319217682},{"id":"https://openalex.org/keywords/political-science","display_name":"Political science","score":0.1604013442993164},{"id":"https://openalex.org/keywords/psychological-resilience","display_name":"Psychological resilience","score":0.1291881799697876},{"id":"https://openalex.org/keywords/epistemology","display_name":"Epistemology","score":0.12105712294578552},{"id":"https://openalex.org/keywords/social-psychology","display_name":"Social psychology","score":0.1002381443977356},{"id":"https://openalex.org/keywords/mathematics","display_name":"Mathematics","score":0.09345340728759766}],"concepts":[{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.6595332026481628},{"id":"https://openalex.org/C2779913896","wikidata":"https://www.wikidata.org/wiki/Q7063001","display_name":"Notice","level":2,"score":0.6394891738891602},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6195757985115051},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.5882487297058105},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.5627092719078064},{"id":"https://openalex.org/C2780897414","wikidata":"https://www.wikidata.org/wiki/Q7600592","display_name":"Star (game theory)","level":2,"score":0.5334534645080566},{"id":"https://openalex.org/C2776900844","wikidata":"https://www.wikidata.org/wiki/Q8028383","display_name":"Witness","level":2,"score":0.5319998860359192},{"id":"https://openalex.org/C136815107","wikidata":"https://www.wikidata.org/wiki/Q154242","display_name":"Nothing","level":2,"score":0.5004270076751709},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.17747095227241516},{"id":"https://openalex.org/C15744967","wikidata":"https://www.wikidata.org/wiki/Q9418","display_name":"Psychology","level":0,"score":0.1742326319217682},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.1604013442993164},{"id":"https://openalex.org/C137176749","wikidata":"https://www.wikidata.org/wiki/Q4105337","display_name":"Psychological resilience","level":2,"score":0.1291881799697876},{"id":"https://openalex.org/C111472728","wikidata":"https://www.wikidata.org/wiki/Q9471","display_name":"Epistemology","level":1,"score":0.12105712294578552},{"id":"https://openalex.org/C77805123","wikidata":"https://www.wikidata.org/wiki/Q161272","display_name":"Social psychology","level":1,"score":0.1002381443977356},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.09345340728759766},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0},{"id":"https://openalex.org/C134306372","wikidata":"https://www.wikidata.org/wiki/Q7754","display_name":"Mathematical analysis","level":1,"score":0.0},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.5220/0007387704050411","is_oa":true,"landing_page_url":"https://doi.org/10.5220/0007387704050411","pdf_url":null,"source":null,"license":"cc-by-nc-nd","license_id":"https://openalex.org/licenses/cc-by-nc-nd","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 5th International Conference on Information Systems Security and Privacy","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.5220/0007387704050411","is_oa":true,"landing_page_url":"https://doi.org/10.5220/0007387704050411","pdf_url":null,"source":null,"license":"cc-by-nc-nd","license_id":"https://openalex.org/licenses/cc-by-nc-nd","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 5th International Conference on Information Systems Security and Privacy","raw_type":"proceedings-article"},"sustainable_development_goals":[{"score":0.7599999904632568,"display_name":"Climate action","id":"https://metadata.un.org/sdg/13"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":["https://openalex.org/W2216420239","https://openalex.org/W3011492772","https://openalex.org/W2499122376","https://openalex.org/W2800570524","https://openalex.org/W2808813869","https://openalex.org/W2109915140","https://openalex.org/W2315519183","https://openalex.org/W2103493327","https://openalex.org/W2375097772","https://openalex.org/W2742083842"],"abstract_inverted_index":{"Meltdown":[0,45],"&":[1,46],"Spectre":[2,47],"came":[3],"as":[4,74,159,209],"natural":[5],"disasters":[6],"to":[7,21,107,173],"the":[8,22,29,35,51,84,89,98,102,136,146,157,167,194,198,201,204,210],"IT":[9],"world":[10],"with":[11],"several":[12],"doomsday":[13],"scenarios":[14],"being":[15,170],"professed.":[16],"Yet,":[17],"when":[18],"we":[19,41,81,127],"turn":[20],"de":[23],"facto":[24],"standard":[25],"body":[26],"for":[27,59],"assessing":[28],"severity":[30],"of":[31,70,92,101,145,197,206,212],"a":[32,56,68,119,123,129,151,175],"security":[33,187,220],"vulnerability,":[34],"Common":[36],"Vulnerability":[37],"Scoring":[38],"System":[39],"(CVSS),":[40],"surprisingly":[42],"notice":[43],"that":[44,65,109,115,131,163,180,191],"do":[48],"not":[49],"command":[50],"highest":[52],"scores.":[53],"We":[54,96,189],"witness":[55],"similar":[57],"situation":[58],"other":[60],"rock":[61,93,124,160],"star":[62,94,161],"vulnerabilities":[63,162,216],"(vulnerabilities":[64],"have":[66,174],"received":[67],"lot":[69],"media":[71,207],"attention)":[72],"such":[73],"Heartbleed":[75],"and":[76,105,142,183,203],"KRACKs.":[77],"In":[78],"this":[79,192],"manuscript,":[80],"investigate":[82],"why":[83,118],"CVSS":[85,103],"\u2018fails\u2019":[86],"at":[87],"capturing":[88],"intrinsic":[90],"characteristics":[91],"vulnerabilities.":[95],"dissect":[97],"different":[99],"elements":[100],"(v2":[104],"v3)":[106],"prove":[108],"there":[110,148],"is":[111,122,149,193],"nothing":[112],"within":[113],"it":[114],"can":[116],"indicate":[117],"particular":[120],"vulnerability":[121],"star.":[125],"Further,":[126],"uncover":[128],"pattern":[130],"shows":[132],"that,":[133],"despite":[134],"all":[135],"beautifully":[137],"elaborated":[138],"formulas,":[139],"magic":[140],"numbers":[141],"catch":[143],"phrases":[144],"CVSS,":[147],"still":[150],"heavy":[152],"presence":[153],"human":[154],"emotion":[155],"into":[156],"scoring":[158,202],"were":[164,181],"exploited":[165],"in":[166],"wild":[168],"before":[169],"discovered":[171,182],"tend":[172],"higher":[176],"score":[177],"than":[178],"those":[179],"responsibly":[184],"disclosed":[185],"by":[186,219],"researchers.":[188,221],"believe":[190],"principal":[195],"reason":[196],"discrepancy":[199],"between":[200],"level":[205,215],"attention":[208],"majority":[211],"'modern'":[213],"high":[214],"are":[217],"introduced":[218]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":2},{"year":2023,"cited_by_count":1},{"year":2021,"cited_by_count":5},{"year":2020,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}