{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,12]],"date-time":"2026-03-12T10:44:45Z","timestamp":1773312285195,"version":"3.50.1"},"publisher-location":"Cham","reference-count":16,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783032006387","type":"print"},{"value":"9783032006394","type":"electronic"}],"license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-3-032-00639-4_18","type":"book-chapter","created":{"date-parts":[[2025,8,9]],"date-time":"2025-08-09T09:58:02Z","timestamp":1754733482000},"page":"316-333","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Unmasking Model Behavior: How LLMs Reason on\u00a0Vulnerability Detection"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0009-0006-4042-4707","authenticated-orcid":false,"given":"Aleksandar","family":"Fontana","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0000-4170-503X","authenticated-orcid":false,"given":"Marco","family":"Simoni","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2025,8,10]]},"reference":[{"key":"18_CR1","unstructured":"et\u00a0al., A.G.: The llama 3 herd of models (2024). https:\/\/arxiv.org\/abs\/2407.21783"},{"key":"18_CR2","unstructured":"et\u00a0al., M.A.: Phi-4 technical report (2024). https:\/\/arxiv.org\/abs\/2412.08905"},{"key":"18_CR3","doi-asserted-by":"publisher","unstructured":"Chen, Y., Ding, Z., Alowain, L., Chen, X., Wagner, D.A.: Diversevul: a new vulnerable source code dataset for deep learning based vulnerability detection. In: Proceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses, RAID 2023, Hong Kong, China, October 16-18, 2023, pp. 654\u2013668 (2023). https:\/\/doi.org\/10.1145\/3607199.3607242","DOI":"10.1145\/3607199.3607242"},{"key":"18_CR4","doi-asserted-by":"publisher","unstructured":"DeepSeek-AI: Deepseek-r1: Incentivizing reasoning capability in LLMS via reinforcement learning. CoRR abs\/2501.12948 (2025). https:\/\/doi.org\/10.48550\/ARXIV.2501.12948","DOI":"10.48550\/ARXIV.2501.12948"},{"key":"18_CR5","doi-asserted-by":"publisher","unstructured":"Du, X., et al.:.: Vul-rag: enhancing LLM-based vulnerability detection via knowledge-level RAG. CoRR abs\/2406.11147 (2024). https:\/\/doi.org\/10.48550\/ARXIV.2406.11147","DOI":"10.48550\/ARXIV.2406.11147"},{"key":"18_CR6","doi-asserted-by":"publisher","unstructured":"Fan, J., Li, Y., Wang, S., Nguyen, T.N.: A C\/C++ code vulnerability dataset with code changes and CVE summaries. In: MSR \u201920: 17th International Conference on Mining Software Repositories, Seoul, Republic of Korea, 29-30 June, 2020, pp. 508\u2013512 (2020). https:\/\/doi.org\/10.1145\/3379597.3387501","DOI":"10.1145\/3379597.3387501"},{"key":"18_CR7","doi-asserted-by":"publisher","unstructured":"Guo, Y., Patsakis, C., Hu, Q., Tang, Q., Casino, F.: Outside the comfort zone: analysing LLM capabilities in software vulnerability detection. In: Computer Security - ESORICS 2024 - 29th European Symposium on Research in Computer Security, Bydgoszcz, Poland, September 16-20, 2024, Proceedings, Part I, pp. 271\u2013289 (2024). https:\/\/doi.org\/10.1007\/978-3-031-70879-4_14","DOI":"10.1007\/978-3-031-70879-4_14"},{"key":"18_CR8","doi-asserted-by":"publisher","unstructured":"Johnson, B., Song, Y., Murphy-Hill, E.R., Bowdidge, R.W.: Why don\u2019t software developers use static analysis tools to find bugs? In: Notkin, D., Cheng, B.H.C., Pohl, K. (eds.) 35th International Conference on Software Engineering, ICSE \u201913, San Francisco, CA, USA, May 18-26, 2013, pp. 672\u2013681. IEEE Computer Society (2013). https:\/\/doi.org\/10.1109\/ICSE.2013.6606613","DOI":"10.1109\/ICSE.2013.6606613"},{"key":"18_CR9","doi-asserted-by":"publisher","unstructured":"Li, Y., et al.: Cleanvul: automatic function-level vulnerability detection in code commits using LLM heuristics. CoRR abs\/2411.17274 (2024). https:\/\/doi.org\/10.48550\/ARXIV.2411.17274","DOI":"10.48550\/ARXIV.2411.17274"},{"key":"18_CR10","unstructured":"Liu, Z., et al.: Understanding r1-zero-like training: a critical perspective (2025). arXiv preprint arXiv:2503.20783"},{"key":"18_CR11","doi-asserted-by":"publisher","DOI":"10.1016\/J.JSS.2024.112031","volume":"212","author":"G Lu","year":"2024","unstructured":"Lu, G., Ju, X., Chen, X., Pei, W., Cai, Z.: GRACE: empowering LLM-based software vulnerability detection with graph structure and in-context learning. J. Syst. Softw. 212, 112031 (2024). https:\/\/doi.org\/10.1016\/J.JSS.2024.112031","journal-title":"J. Syst. Softw."},{"issue":"2","key":"18_CR12","doi-asserted-by":"publisher","first-page":"38","DOI":"10.1007\/S10515-024-00438-9","volume":"31","author":"Z Ren","year":"2024","unstructured":"Ren, Z., Ju, X., Chen, X., Shen, H.: Prorlearn: boosting prompt tuning-based vulnerability detection by reinforcement learning. Autom. Softw. Eng. 31(2), 38 (2024). https:\/\/doi.org\/10.1007\/S10515-024-00438-9","journal-title":"Autom. Softw. Eng."},{"key":"18_CR13","unstructured":"Schulman, J., Wolski, F., Dhariwal, P., Radford, A., Klimov, O.: Proximal policy optimization algorithms (2017). arXiv preprint arXiv:1707.06347"},{"key":"18_CR14","doi-asserted-by":"publisher","unstructured":"Shao, Z., et al.: Deepseekmath: pushing the limits of mathematical reasoning in open language models. CoRR abs\/2402.03300 (2024). https:\/\/doi.org\/10.48550\/ARXIV.2402.03300","DOI":"10.48550\/ARXIV.2402.03300"},{"key":"18_CR15","doi-asserted-by":"publisher","unstructured":"Smith, J., Johnson, B., Murphy-Hill, E.R., Chu, B., Lipford, H.R.: Questions developers ask while diagnosing potential security vulnerabilities with static analysis. In: Nitto, E.D., Harman, M., Heymans, P. (eds.) Proceedings of the 2015 10th Joint Meeting on Foundations of Software Engineering, ESEC\/FSE 2015, Bergamo, Italy, August 30 - September 4, 2015. pp. 248\u2013259. ACM (2015). https:\/\/doi.org\/10.1145\/2786805.2786812","DOI":"10.1145\/2786805.2786812"},{"key":"18_CR16","unstructured":"Yang, A.Z.H., Tian, H., Ye, H., Martins, R., Goues, C.L.: Security vulnerability detection with multitask self-instructed fine-tuning of large language models (2024). https:\/\/arxiv.org\/abs\/2406.05892"}],"container-title":["Lecture Notes in Computer Science","Availability, Reliability and Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-032-00639-4_18","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,3,11]],"date-time":"2026-03-11T16:17:55Z","timestamp":1773245875000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-032-00639-4_18"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"ISBN":["9783032006387","9783032006394"],"references-count":16,"URL":"https:\/\/doi.org\/10.1007\/978-3-032-00639-4_18","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025]]},"assertion":[{"value":"10 August 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ARES","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Availability, Reliability and Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Ghent","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Belgium","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"11 August 2025","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"14 August 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"20","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"ares-12025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/2025.ares-conference.eu","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}