Software Vulnerabilities (SVs) are increasing in complexity and scale, posing
great security risks to many software systems. Given the limited resources in
practice, SV assessment and prioritization help practitioners devise optimal SV
mitigation plans based on various SV characteristics. The surges in SV data
sources and data-driven techniques such as Machine Learning and Deep Learning
have taken SV assessment and prioritization to the next level. Our survey
provides a taxonomy of the past research efforts and highlights the best
practices for data-driven SV assessment and prioritization. We also discuss the
current limitations and propose potential solutions to address such issues.

By admin