Software vulnerabilities seriously jeopardize software security. It would be highly beneficial if developers could receive severity reminders regarding vulnerabilities when developing software systems. Therefore, when handling numerous vulnerabilities, it’s crucial to prioritize the most critical ones and assess their severity early for effective resolution. Vulnerability assessment needs to train multiple assessment tasks simultaneously. Previous works suffer from task-disharmonious issues when conducting vulnerability assessments because they fail to balance the magnitude of gradients across multiple tasks and the conflicts in gradient directions. Additionally, they use identical code embedding for all classifiers without extracting task-related features.

In this study, we are the first to conduct vulnerability assessment in a task-harmonious way by harmonizing gradient direction and magnitude, and filtering out task-specific features for each classifier. In addition, we use finer-grained contextual information than existing works by program slicing to further boost the model performance. According to experiment results, our model has demonstrated state-of-the-art performance at both the commit and function levels. Specifically, in function-level tasks, our model achieves an average of 0.819 in F1-Score and 0.742 in MCC, outperforming all baseline models. For commit-level, our model enhances the average performance of the best baseline model by 29.6% and 64.7% in F1-Score and MCC, respectively.