This talk explores how machine learning and data mining
techniques can advance empirical software engineering, with a focus on
improving software quality and security. It presents methods for bug
localization, code reviewer recommendation, analyzes vulnerability
lifecycles - including those involving transitive dependencies - and
introduces tools for studying real-world bug-fixing practices. The
evolving role of large language models (LLMs) is examined from dual
perspectives: as development aids and as potential sources of new
security threats. A case study of the XZ Utils supply chain attack
illustrates how modern development workflows can be exploited, using
insights from repository mining. These findings highlight the
potential of data-driven research to enhance the development of secure
and trustworthy software systems.