The thesis advances the field of software security by providing knowledge and automation support for software vulnerability assessment using data-driven approaches. Software vulnerability assessment provides important and multifaceted information to prevent and mitigate dangerous cyber-attacks in the wild. The key contributions include a systematisation of knowledge, along with a suite of novel data-driven techniques and practical recommendations for researchers and practitioners in the area. The thesis results help improve the understanding, and inform the practice, of assessing the ever-increasing number of vulnerabilities in real-world software systems. This in turn enables more thorough and timely prioritisation and planning of fixes for these critical security issues.