Automating Vulnerability Management in the Software Development Lifecycle.

DSN-S(2023)

Abstract
Managing the presence of vulnerabilities in software can be a time- and resource-consuming process. The advancements in machine learning (ML) over the past few years have allowed us to automate parts of the software development lifecycle, including the identification of vulnerabilities starting from bug reports. However, such approaches have known gaps, generally related to subpar effectiveness. In this PhD, we intend to propose a vulnerability management framework aiming at four main objectives: i) highly effective vulnerability identification starting from bug reports; ii) detailed vulnerability classification; iii) prediction of the main aspects related to the correction (e.g., defect triage); and iv) recommending corrections based on the detailed knowledge obtained in the previous phases.
Keywords
issue report, vulnerabilities, security, software development, machine learning