Towards an Improved Understanding of Software Vulnerability Assessment Using Data-Driven Approaches
It addresses the challenge of assessing vulnerabilities in real-world software systems for cybersecurity professionals, though it appears incremental as it builds on existing data-driven approaches.
The thesis tackled the problem of software vulnerability assessment by systematizing knowledge and developing novel data-driven techniques, resulting in improved understanding and practical recommendations for researchers and practitioners.
The thesis advances the field of software security by providing knowledge and automation support for software vulnerability assessment using data-driven approaches. Software vulnerability assessment provides important and multifaceted information to prevent and mitigate dangerous cyber-attacks in the wild. The key contributions include a systematisation of knowledge, along with a suite of novel data-driven techniques and practical recommendations for researchers and practitioners in the area. The thesis results help improve the understanding and inform the practice of assessing ever-increasing vulnerabilities in real-world software systems. This in turn enables more thorough and timely fixing prioritisation and planning of these critical security issues.