---
_id: '65528'
article_number: '104362'
author:
- first_name: Adam
  full_name: Janovsky, Adam
  last_name: Janovsky
- first_name: Łukasz
  full_name: Chmielewski, Łukasz
  last_name: Chmielewski
- first_name: Petr
  full_name: Svenda, Petr
  last_name: Svenda
- first_name: Jan
  full_name: Jancar, Jan
  last_name: Jancar
- first_name: Vashek
  full_name: Matyas, Vashek
  last_name: Matyas
citation:
  ama: Janovsky A, Chmielewski Ł, Svenda P, Jancar J, Matyas V. Revisiting the analysis
    of references among Common Criteria certified products. <i>Computers &#38;amp;
    Security</i>. 2025;152. doi:<a href="https://doi.org/10.1016/j.cose.2025.104362">10.1016/j.cose.2025.104362</a>
  apa: Janovsky, A., Chmielewski, Ł., Svenda, P., Jancar, J., &#38; Matyas, V. (2025).
    Revisiting the analysis of references among Common Criteria certified products.
    <i>Computers &#38;amp; Security</i>, <i>152</i>, Article 104362. <a href="https://doi.org/10.1016/j.cose.2025.104362">https://doi.org/10.1016/j.cose.2025.104362</a>
  bibtex: '@article{Janovsky_Chmielewski_Svenda_Jancar_Matyas_2025, title={Revisiting
    the analysis of references among Common Criteria certified products}, volume={152},
    DOI={<a href="https://doi.org/10.1016/j.cose.2025.104362">10.1016/j.cose.2025.104362</a>},
    number={104362}, journal={Computers &#38;amp; Security}, publisher={Elsevier BV},
    author={Janovsky, Adam and Chmielewski, Łukasz and Svenda, Petr and Jancar, Jan
    and Matyas, Vashek}, year={2025} }'
  chicago: Janovsky, Adam, Łukasz Chmielewski, Petr Svenda, Jan Jancar, and Vashek
    Matyas. “Revisiting the Analysis of References among Common Criteria Certified
    Products.” <i>Computers &#38;amp; Security</i> 152 (2025). <a href="https://doi.org/10.1016/j.cose.2025.104362">https://doi.org/10.1016/j.cose.2025.104362</a>.
  ieee: 'A. Janovsky, Ł. Chmielewski, P. Svenda, J. Jancar, and V. Matyas, “Revisiting
    the analysis of references among Common Criteria certified products,” <i>Computers
    &#38;amp; Security</i>, vol. 152, Art. no. 104362, 2025, doi: <a href="https://doi.org/10.1016/j.cose.2025.104362">10.1016/j.cose.2025.104362</a>.'
  mla: Janovsky, Adam, et al. “Revisiting the Analysis of References among Common
    Criteria Certified Products.” <i>Computers &#38;amp; Security</i>, vol. 152, 104362,
    Elsevier BV, 2025, doi:<a href="https://doi.org/10.1016/j.cose.2025.104362">10.1016/j.cose.2025.104362</a>.
  short: A. Janovsky, Ł. Chmielewski, P. Svenda, J. Jancar, V. Matyas, Computers &#38;amp;
    Security 152 (2025).
date_created: 2026-04-30T09:26:42Z
date_updated: 2026-04-30T09:32:20Z
doi: 10.1016/j.cose.2025.104362
intvolume: '       152'
language:
- iso: eng
publication: Computers &amp; Security
publication_identifier:
  issn:
  - 0167-4048
publication_status: published
publisher: Elsevier BV
status: public
title: Revisiting the analysis of references among Common Criteria certified products
type: journal_article
user_id: '125442'
volume: 152
year: '2025'
...
---
_id: '65527'
article_number: '103895'
author:
- first_name: Adam
  full_name: Janovsky, Adam
  last_name: Janovsky
- first_name: Jan
  full_name: Jancar, Jan
  last_name: Jancar
- first_name: Petr
  full_name: Svenda, Petr
  last_name: Svenda
- first_name: Łukasz
  full_name: Chmielewski, Łukasz
  last_name: Chmielewski
- first_name: Jiri
  full_name: Michalik, Jiri
  last_name: Michalik
- first_name: Vashek
  full_name: Matyas, Vashek
  last_name: Matyas
citation:
  ama: 'Janovsky A, Jancar J, Svenda P, Chmielewski Ł, Michalik J, Matyas V. sec-certs:
    Examining the security certification practice for better vulnerability mitigation.
    <i>Computers &#38;amp; Security</i>. 2024;143. doi:<a href="https://doi.org/10.1016/j.cose.2024.103895">10.1016/j.cose.2024.103895</a>'
  apa: 'Janovsky, A., Jancar, J., Svenda, P., Chmielewski, Ł., Michalik, J., &#38;
    Matyas, V. (2024). sec-certs: Examining the security certification practice for
    better vulnerability mitigation. <i>Computers &#38;amp; Security</i>, <i>143</i>,
    Article 103895. <a href="https://doi.org/10.1016/j.cose.2024.103895">https://doi.org/10.1016/j.cose.2024.103895</a>'
  bibtex: '@article{Janovsky_Jancar_Svenda_Chmielewski_Michalik_Matyas_2024, title={sec-certs:
    Examining the security certification practice for better vulnerability mitigation},
    volume={143}, DOI={<a href="https://doi.org/10.1016/j.cose.2024.103895">10.1016/j.cose.2024.103895</a>},
    number={103895}, journal={Computers &#38;amp; Security}, publisher={Elsevier BV},
    author={Janovsky, Adam and Jancar, Jan and Svenda, Petr and Chmielewski, Łukasz
    and Michalik, Jiri and Matyas, Vashek}, year={2024} }'
  chicago: 'Janovsky, Adam, Jan Jancar, Petr Svenda, Łukasz Chmielewski, Jiri Michalik,
    and Vashek Matyas. “Sec-Certs: Examining the Security Certification Practice for
    Better Vulnerability Mitigation.” <i>Computers &#38;amp; Security</i> 143 (2024).
    <a href="https://doi.org/10.1016/j.cose.2024.103895">https://doi.org/10.1016/j.cose.2024.103895</a>.'
  ieee: 'A. Janovsky, J. Jancar, P. Svenda, Ł. Chmielewski, J. Michalik, and V. Matyas,
    “sec-certs: Examining the security certification practice for better vulnerability
    mitigation,” <i>Computers &#38;amp; Security</i>, vol. 143, Art. no. 103895, 2024,
    doi: <a href="https://doi.org/10.1016/j.cose.2024.103895">10.1016/j.cose.2024.103895</a>.'
  mla: 'Janovsky, Adam, et al. “Sec-Certs: Examining the Security Certification Practice
    for Better Vulnerability Mitigation.” <i>Computers &#38;amp; Security</i>, vol.
    143, 103895, Elsevier BV, 2024, doi:<a href="https://doi.org/10.1016/j.cose.2024.103895">10.1016/j.cose.2024.103895</a>.'
  short: A. Janovsky, J. Jancar, P. Svenda, Ł. Chmielewski, J. Michalik, V. Matyas,
    Computers &#38;amp; Security 143 (2024).
date_created: 2026-04-30T09:26:34Z
date_updated: 2026-04-30T09:32:22Z
doi: 10.1016/j.cose.2024.103895
intvolume: '       143'
language:
- iso: eng
publication: Computers &amp; Security
publication_identifier:
  issn:
  - 0167-4048
publication_status: published
publisher: Elsevier BV
status: public
title: 'sec-certs: Examining the security certification practice for better vulnerability
  mitigation'
type: journal_article
user_id: '125442'
volume: 143
year: '2024'
...
---
_id: '53541'
article_number: '103353'
author:
- first_name: Antonio
  full_name: Robles-González, Antonio
  last_name: Robles-González
- first_name: Patricia
  full_name: Arias Cabarcos, Patricia
  id: '92804'
  last_name: Arias Cabarcos
- first_name: Javier
  full_name: Parra-Arnau, Javier
  last_name: Parra-Arnau
citation:
  ama: 'Robles-González A, Arias Cabarcos P, Parra-Arnau J. Privacy-centered authentication:
    A new framework and analysis. <i>Computers &#38;amp; Security</i>. 2023;132. doi:<a
    href="https://doi.org/10.1016/j.cose.2023.103353">10.1016/j.cose.2023.103353</a>'
  apa: 'Robles-González, A., Arias Cabarcos, P., &#38; Parra-Arnau, J. (2023). Privacy-centered
    authentication: A new framework and analysis. <i>Computers &#38;amp; Security</i>,
    <i>132</i>, Article 103353. <a href="https://doi.org/10.1016/j.cose.2023.103353">https://doi.org/10.1016/j.cose.2023.103353</a>'
  bibtex: '@article{Robles-González_Arias Cabarcos_Parra-Arnau_2023, title={Privacy-centered
    authentication: A new framework and analysis}, volume={132}, DOI={<a href="https://doi.org/10.1016/j.cose.2023.103353">10.1016/j.cose.2023.103353</a>},
    number={103353}, journal={Computers &#38;amp; Security}, publisher={Elsevier BV},
    author={Robles-González, Antonio and Arias Cabarcos, Patricia and Parra-Arnau,
    Javier}, year={2023} }'
  chicago: 'Robles-González, Antonio, Patricia Arias Cabarcos, and Javier Parra-Arnau.
    “Privacy-Centered Authentication: A New Framework and Analysis.” <i>Computers
    &#38;amp; Security</i> 132 (2023). <a href="https://doi.org/10.1016/j.cose.2023.103353">https://doi.org/10.1016/j.cose.2023.103353</a>.'
  ieee: 'A. Robles-González, P. Arias Cabarcos, and J. Parra-Arnau, “Privacy-centered
    authentication: A new framework and analysis,” <i>Computers &#38;amp; Security</i>,
    vol. 132, Art. no. 103353, 2023, doi: <a href="https://doi.org/10.1016/j.cose.2023.103353">10.1016/j.cose.2023.103353</a>.'
  mla: 'Robles-González, Antonio, et al. “Privacy-Centered Authentication: A New Framework
    and Analysis.” <i>Computers &#38;amp; Security</i>, vol. 132, 103353, Elsevier
    BV, 2023, doi:<a href="https://doi.org/10.1016/j.cose.2023.103353">10.1016/j.cose.2023.103353</a>.'
  short: A. Robles-González, P. Arias Cabarcos, J. Parra-Arnau, Computers &#38;amp;
    Security 132 (2023).
date_created: 2024-04-17T13:17:58Z
date_updated: 2024-04-17T13:18:31Z
doi: 10.1016/j.cose.2023.103353
intvolume: '       132'
keyword:
- Law
- General Computer Science
language:
- iso: eng
publication: Computers &amp; Security
publication_identifier:
  issn:
  - 0167-4048
publication_status: published
publisher: Elsevier BV
status: public
title: 'Privacy-centered authentication: A new framework and analysis'
type: journal_article
user_id: '92804'
volume: 132
year: '2023'
...
---
_id: '13175'
abstract:
- lang: eng
  text: "Today, organizations must deal with a plethora of IT security threats and
    to ensure smooth and\r\nuninterrupted business operations, firms are challenged
    to predict the volume of IT security vulnerabilities\r\nand allocate resources
    for fixing them. This challenge requires decision makers to assess\r\nwhich system
    or software packages are prone to vulnerabilities, how many post-release vulnerabilities\r\ncan
    be expected to occur during a certain period of time, and what impact exploits
    might have.\r\nSubstantial research has been dedicated to techniques that analyze
    source code and detect security\r\nvulnerabilities. However, only limited research
    has focused on forecasting security vulnerabilities\r\nthat are detected and reported
    after the release of software. To address this shortcoming, we apply\r\nestablished
    methodologies which are capable of forecasting events exhibiting specific time
    series\r\ncharacteristics of security vulnerabilities, i.e., rareness of occurrence,
    volatility, non-stationarity,\r\nand seasonality. Based on a dataset taken from
    the National Vulnerability Database (NVD), we use\r\nthe Mean Absolute Error (MAE)
    and Root Mean Square Error (RMSE) to measure the forecasting\r\naccuracy of single,
    double, and triple exponential smoothing methodologies, Croston's methodology,\r\nARIMA,
    and a neural network-based approach. We analyze the impact of the applied forecasting\r\nmethodology
    on the prediction accuracy with regard to its robustness along the dimensions
    of the\r\nexamined system and software package \"operating systems\", \"browsers\"
    and \"office solutions\" and\r\nthe applied metrics. To the best of our knowledge,
    this study is the first to analyze the effect\r\nof forecasting methodologies
    and to apply metrics that are suitable in this context. Our results\r\nshow that
    the optimal forecasting methodology depends on the software or system package,
    as some\r\nmethodologies perform poorly in the context of IT security vulnerabilities,
    that absolute metrics\r\ncan cover the actual prediction error precisely, and
    that the prediction accuracy is robust within the\r\ntwo applied forecasting-error
    metrics."
article_type: original
author:
- first_name: Emrah
  full_name: Yasasin, Emrah
  last_name: Yasasin
- first_name: Julian
  full_name: Prester, Julian
  last_name: Prester
- first_name: Gerit
  full_name: Wagner, Gerit
  last_name: Wagner
- first_name: Guido
  full_name: Schryen, Guido
  id: '72850'
  last_name: Schryen
citation:
  ama: Yasasin E, Prester J, Wagner G, Schryen G. Forecasting IT Security Vulnerabilities
    - An Empirical Analysis. <i>Computers &#38; Security</i>. 2020;88(January).
  apa: Yasasin, E., Prester, J., Wagner, G., &#38; Schryen, G. (2020). Forecasting
    IT Security Vulnerabilities - An Empirical Analysis. <i>Computers &#38; Security</i>,
    <i>88</i>(January).
  bibtex: '@article{Yasasin_Prester_Wagner_Schryen_2020, title={Forecasting IT Security
    Vulnerabilities - An Empirical Analysis}, volume={88}, number={January}, journal={Computers
    &#38; Security}, author={Yasasin, Emrah and Prester, Julian and Wagner, Gerit
    and Schryen, Guido}, year={2020} }'
  chicago: Yasasin, Emrah, Julian Prester, Gerit Wagner, and Guido Schryen. “Forecasting
    IT Security Vulnerabilities - An Empirical Analysis.” <i>Computers &#38; Security</i>
    88, no. January (2020).
  ieee: E. Yasasin, J. Prester, G. Wagner, and G. Schryen, “Forecasting IT Security
    Vulnerabilities - An Empirical Analysis,” <i>Computers &#38; Security</i>, vol.
    88, no. January, 2020.
  mla: Yasasin, Emrah, et al. “Forecasting IT Security Vulnerabilities - An Empirical
    Analysis.” <i>Computers &#38; Security</i>, vol. 88, no. January, 2020.
  short: E. Yasasin, J. Prester, G. Wagner, G. Schryen, Computers &#38; Security 88
    (2020).
date_created: 2019-09-09T18:24:45Z
date_updated: 2022-10-19T15:27:51Z
ddc:
- '000'
department:
- _id: '195'
- _id: '277'
file:
- access_level: open_access
  content_type: application/pdf
  creator: schryen
  date_created: 2019-09-09T18:24:35Z
  date_updated: 2019-09-09T18:24:35Z
  file_id: '13176'
  file_name: Forecasting_IT_Security_Vulnerabilities.pdf
  file_size: 894663
  relation: main_file
file_date_updated: 2019-09-09T18:24:35Z
has_accepted_license: '1'
intvolume: '        88'
issue: January
language:
- iso: eng
oa: '1'
publication: Computers & Security
publication_identifier:
  issn:
  - 0167-4048
publication_status: published
status: public
title: Forecasting IT Security Vulnerabilities - An Empirical Analysis
type: journal_article
user_id: '72850'
volume: 88
year: '2020'
...