H. Cavusoglu, H. Cavusoglu, and S. Raghunathan, Efficiency of vulnerability disclosure mechanisms to disseminate vulnerability knowledge, IEEE TSE, 2007.

D. Crocker, Mailbox Names for Common Services, Roles and Functions. RFC 2142, Internet Engineering Task Force, 1997.

A. Decan, T. Mens, and E. Constantinou, On the impact of security vulnerabilities in the npm package dependency network, 2018.

E. Foudil and Y. Shafranovich, A method for web security policies, 2018.

GitHub, GitHub: Open source survey

HackerOne, HackerOne: Vulnerability disclosure policy basics: 5 critical components

R. G. Kula, D. M. German, A. Ouni, T. Ishio, and K. Inoue, Do developers update their library dependencies?, 2018.

O. Legunsen, W. U. Hassan, X. Xu, G. Roșu, and D. Marinov, How good are the specs? A study of the bug-finding effectiveness of existing Java API specifications, 2016.

C. Liu, R. W. White, and S. Dumais, Understanding web browsing behaviors through Weibull analysis of dwell time, 2010.

S. Mirhosseini and C. Parnin, Can automated pull requests encourage software developers to upgrade out-of-date dependencies?, 2017.

N. Munaiah, S. Kroh, C. Cabrey, and M. Nagappan, Curating GitHub for engineered software projects, 2017.

A. Nesbitt and B. Nickolls, Libraries.io open source repository and dependency metadata, 2017.

OWASP Foundation: Top ten security risks, NIST: National vulnerability database, vol.23, 2017.

G. Podjarny, Rapid7: NIST cyber framework updated with coordinated vuln disclosure processes, Open source vulnerabilities tripped Equifax, 2017.

A. Tetelman, bounty-targets-data, 2018.

J. Williams and A. Dabirsiaghi, The unfortunate reality of insecure libraries