{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,11]],"date-time":"2026-02-11T12:55:32Z","timestamp":1770814532135,"version":"3.50.1"},"publisher-location":"Cham","reference-count":33,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783032115386","type":"print"},{"value":"9783032115393","type":"electronic"}],"license":[{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2026]]},"DOI":"10.1007\/978-3-032-11539-3_15","type":"book-chapter","created":{"date-parts":[[2026,2,11]],"date-time":"2026-02-11T05:13:14Z","timestamp":1770786794000},"page":"255-271","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Source Code Vulnerability Detection and\u00a0Interpretability with\u00a0Language Models"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-4468-6812","authenticated-orcid":false,"given":"Leonardo","family":"Silveira","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5307-3292","authenticated-orcid":false,"given":"Claudio A. S.","family":"Lelis","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1574-0362","authenticated-orcid":false,"given":"Cesar A. C.","family":"Marcondes","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8240-5129","authenticated-orcid":false,"given":"Filipe A. N.","family":"Verri","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2026,2,12]]},"reference":[{"key":"15_CR1","unstructured":"Ahdritz, G., Qin, T., Vyas, N., Barak, B., Edelman, B.L.: Distinguishing the knowable from the unknowable with language models (2024). https:\/\/arxiv.org\/abs\/2402.03563"},{"key":"15_CR2","doi-asserted-by":"publisher","unstructured":"Ahmad, W.U., Chakraborty, S., Ray, B., Chang, K.W.: Unified pre-training for program understanding and generation (2021). https:\/\/doi.org\/10.48550\/ARXIV.2103.06333","DOI":"10.48550\/ARXIV.2103.06333"},{"key":"15_CR3","doi-asserted-by":"publisher","unstructured":"Atanasova, P., Simonsen, J.G., Lioma, C., Augenstein, I.: A diagnostic study of explainability techniques for text classification (2020). https:\/\/doi.org\/10.48550\/ARXIV.2009.13295","DOI":"10.48550\/ARXIV.2009.13295"},{"key":"15_CR4","doi-asserted-by":"publisher","unstructured":"Augenstein, I., et al.: Factuality challenges in the era of large language models and opportunities for fact-checking (2024). https:\/\/doi.org\/10.1038\/s42256-024-00881-z","DOI":"10.1038\/s42256-024-00881-z"},{"key":"15_CR5","doi-asserted-by":"publisher","unstructured":"Azaria, A., Mitchell, T.: The internal state of an LLM knows when it\u2019s lying. In: Bouamor, H., Pino, J., Bali, K. (eds.) Findings of the Association for Computational Linguistics: EMNLP 2023, pp. 967\u2013976. Association for Computational Linguistics, Singapore (2023). https:\/\/doi.org\/10.18653\/v1\/2023.findings-emnlp.68. https:\/\/aclanthology.org\/2023.findings-emnlp.68\/","DOI":"10.18653\/v1\/2023.findings-emnlp.68"},{"key":"15_CR6","doi-asserted-by":"publisher","unstructured":"Buratti, L., et al.: Exploring software naturalness through neural language models (2020). https:\/\/doi.org\/10.48550\/ARXIV.2006.12641","DOI":"10.48550\/ARXIV.2006.12641"},{"key":"15_CR7","doi-asserted-by":"publisher","unstructured":"Chen, M., et al.: Evaluating large language models trained on code (2021). https:\/\/doi.org\/10.48550\/ARXIV.2107.03374","DOI":"10.48550\/ARXIV.2107.03374"},{"key":"15_CR8","doi-asserted-by":"publisher","unstructured":"Devlin, J., Chang, M.W., Lee, K., Toutanova, K.: Bert: pre-training of deep bidirectional transformers for language understanding (2018). https:\/\/doi.org\/10.48550\/ARXIV.1810.04805","DOI":"10.48550\/ARXIV.1810.04805"},{"key":"15_CR9","doi-asserted-by":"publisher","unstructured":"Fan, J., Li, Y., Wang, S., Nguyen, T.N.: A C\/C++ code vulnerability dataset with code changes and CVE summaries (2020). https:\/\/doi.org\/10.1145\/3379597.3387501","DOI":"10.1145\/3379597.3387501"},{"key":"15_CR10","doi-asserted-by":"publisher","unstructured":"Feng, Z., et al.: Codebert: a pre-trained model for programming and natural languages (2020). https:\/\/doi.org\/10.48550\/ARXIV.2002.08155","DOI":"10.48550\/ARXIV.2002.08155"},{"key":"15_CR11","doi-asserted-by":"publisher","unstructured":"Garc\u00eda-Carrasco, J., Mat\u00e9, A., Trujillo, J.: Detecting and understanding vulnerabilities in language models via mechanistic interpretability. In: Proceedings of the Thirty-Third International Joint Conference on Artificial Intelligence, IJCAI 2024 (2024). https:\/\/doi.org\/10.24963\/ijcai.2024\/43","DOI":"10.24963\/ijcai.2024\/43"},{"key":"15_CR12","doi-asserted-by":"publisher","unstructured":"Hanif, H., Maffeis, S.: Vulberta: simplified source code pre-training for vulnerability detection (2022). https:\/\/doi.org\/10.48550\/ARXIV.2205.12424","DOI":"10.48550\/ARXIV.2205.12424"},{"key":"15_CR13","doi-asserted-by":"publisher","unstructured":"Haurogn\u00e9, J., Basheer, N., Islam, S.: Vulnerability detection using BERT based LLM model with transparency obligation practice towards trustworthy AI. Mach. Learn. Appl. 18, 100598 (2024). https:\/\/doi.org\/10.1016\/j.mlwa.2024.100598. https:\/\/www.sciencedirect.com\/science\/article\/pii\/S2666827024000744","DOI":"10.1016\/j.mlwa.2024.100598"},{"key":"15_CR14","doi-asserted-by":"crossref","unstructured":"Hindle, A., Barr, E.T., Su, Z., Gabel, M., Devanbu, P.: On the naturalness of software (2012)","DOI":"10.1109\/ICSE.2012.6227135"},{"key":"15_CR15","unstructured":"Mao, Q., Li, Z., Hu, X., Liu, K., Xia, X., Sun, J.: Towards explainable vulnerability detection with large language models (2025). https:\/\/arxiv.org\/abs\/2406.09701"},{"key":"15_CR16","unstructured":"OpenAI, Achiam, J., et al.: GPT-4 technical report (2024). https:\/\/arxiv.org\/abs\/2303.08774"},{"key":"15_CR17","doi-asserted-by":"publisher","unstructured":"Phan, L., et al.: Cotext: multi-task learning with code-text transformer (2021). https:\/\/doi.org\/10.48550\/ARXIV.2105.08645","DOI":"10.48550\/ARXIV.2105.08645"},{"key":"15_CR18","doi-asserted-by":"publisher","unstructured":"Purba, M.D., Ghosh, A., Radford, B.J., Chu, B.: Software vulnerability detection using large language models. In: 2023 IEEE 34th International Symposium on Software Reliability Engineering Workshops (ISSREW), pp. 112\u2013119 (2023). https:\/\/doi.org\/10.1109\/ISSREW60843.2023.00058","DOI":"10.1109\/ISSREW60843.2023.00058"},{"key":"15_CR19","unstructured":"Radford, A., Narasimhan, K.: Improving language understanding by generative pre-training (2018)"},{"key":"15_CR20","doi-asserted-by":"publisher","unstructured":"Raffel, C., et al.: Exploring the limits of transfer learning with a unified text-to-text transformer (2019). https:\/\/doi.org\/10.48550\/ARXIV.1910.10683","DOI":"10.48550\/ARXIV.1910.10683"},{"key":"15_CR21","doi-asserted-by":"publisher","unstructured":"Rahman, M.M., Ceka, I., Mao, C., Chakraborty, S., Ray, B., Le, W.: Towards causal deep learning for vulnerability detection. In: Proceedings of the IEEE\/ACM 46th International Conference on Software Engineering, ICSE 2024. Association for Computing Machinery, New York (2024). https:\/\/doi.org\/10.1145\/3597503.3639170","DOI":"10.1145\/3597503.3639170"},{"key":"15_CR22","doi-asserted-by":"publisher","unstructured":"Russell, R.L., et al.: Automated vulnerability detection in source code using deep representation learning (2018). https:\/\/doi.org\/10.48550\/ARXIV.1807.04320","DOI":"10.48550\/ARXIV.1807.04320"},{"key":"15_CR23","doi-asserted-by":"publisher","unstructured":"Sotgiu, A., Pintor, M., Biggio, B.: Explainability-based debugging of machine learning for vulnerability discovery (2022). https:\/\/doi.org\/10.1145\/3538969.3543809","DOI":"10.1145\/3538969.3543809"},{"key":"15_CR24","doi-asserted-by":"publisher","unstructured":"Sundararajan, M., Taly, A., Yan, Q.: Axiomatic attribution for deep networks (2017). https:\/\/doi.org\/10.48550\/ARXIV.1703.01365","DOI":"10.48550\/ARXIV.1703.01365"},{"key":"15_CR25","doi-asserted-by":"publisher","first-page":"29698","DOI":"10.1109\/ACCESS.2025.3541146","volume":"13","author":"K Tamberg","year":"2025","unstructured":"Tamberg, K., Bahsi, H.: Harnessing large language models for software vulnerability detection: a comprehensive benchmarking study. IEEE Access 13, 29698\u201329717 (2025). https:\/\/doi.org\/10.1109\/ACCESS.2025.3541146","journal-title":"IEEE Access"},{"key":"15_CR26","unstructured":"Touvron, H., et al.: Llama: open and efficient foundation language models (2023). https:\/\/arxiv.org\/abs\/2302.13971"},{"key":"15_CR27","doi-asserted-by":"publisher","unstructured":"Vaswani, A., et al.: Attention is all you need (2017). https:\/\/doi.org\/10.48550\/ARXIV.1706.03762","DOI":"10.48550\/ARXIV.1706.03762"},{"key":"15_CR28","doi-asserted-by":"publisher","unstructured":"Wan, Y., Zhao, W., Zhang, H., Sui, Y., Xu, G., Jin, H.: What do they capture? A structural analysis of pre-trained language models for source code (2022). https:\/\/doi.org\/10.1145\/3510003.3510050","DOI":"10.1145\/3510003.3510050"},{"issue":"5","key":"15_CR29","doi-asserted-by":"publisher","first-page":"1480","DOI":"10.1109\/TSE.2020.3023177","volume":"48","author":"S Wattanakriengkrai","year":"2022","unstructured":"Wattanakriengkrai, S., Thongtanunam, P., Tantithamthavorn, C., Hata, H., Matsumoto, K.: Predicting defective lines using a model-agnostic technique. IEEE Trans. Softw. Eng. 48(5), 1480\u20131496 (2022)","journal-title":"IEEE Trans. Softw. Eng."},{"key":"15_CR30","doi-asserted-by":"publisher","unstructured":"Yamaguchi, F., Golde, N., Arp, D., Rieck, K.: Modeling and discovering vulnerabilities with code property graphs (2014). https:\/\/doi.org\/10.1109\/SP.2014.44","DOI":"10.1109\/SP.2014.44"},{"key":"15_CR31","unstructured":"Yu, J., et al.: An insight into security code review with LLMs: capabilities, obstacles and influential factors (2024). https:\/\/arxiv.org\/abs\/2401.16310"},{"key":"15_CR32","doi-asserted-by":"publisher","unstructured":"Zhou, X., Zhang, T., Lo, D.: Large language model for vulnerability detection: emerging results and future directions. In: Proceedings of the 2024 ACM\/IEEE 44th International Conference on Software Engineering: New Ideas and Emerging Results, ICSE-NIER 2024, pp. 47\u201351. Association for Computing Machinery, New York (2024). https:\/\/doi.org\/10.1145\/3639476.3639762","DOI":"10.1145\/3639476.3639762"},{"key":"15_CR33","doi-asserted-by":"publisher","unstructured":"Zhou, Y., Liu, S., Siow, J., Du, X., Liu, Y.: Devign: effective vulnerability identification by learning comprehensive program semantics via graph neural networks (2019). https:\/\/doi.org\/10.48550\/ARXIV.1909.03496","DOI":"10.48550\/ARXIV.1909.03496"}],"container-title":["Communications in Computer and Information Science","Dependable and Secure Computing"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-032-11539-3_15","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,2,11]],"date-time":"2026-02-11T05:13:20Z","timestamp":1770786800000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-032-11539-3_15"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026]]},"ISBN":["9783032115386","9783032115393"],"references-count":33,"URL":"https:\/\/doi.org\/10.1007\/978-3-032-11539-3_15","relation":{},"ISSN":["1865-0929","1865-0937"],"issn-type":[{"value":"1865-0929","type":"print"},{"value":"1865-0937","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026]]},"assertion":[{"value":"12 February 2026","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"LADC","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Latin-American Symposium on Dependable Computing","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Valpara\u00edso","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Chile","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"27 October 2025","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"31 October 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"14","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"ladc2025a","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/ladc.sbc.org.br\/2025\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}