{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T05:31:40Z","timestamp":1763443900298,"version":"3.45.0"},"publisher-location":"Cham","reference-count":37,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783032120915","type":"print"},{"value":"9783032120922","type":"electronic"}],"license":[{"start":{"date-parts":[[2025,11,19]],"date-time":"2025-11-19T00:00:00Z","timestamp":1763510400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by-nc-nd\/4.0"},{"start":{"date-parts":[[2025,11,19]],"date-time":"2025-11-19T00:00:00Z","timestamp":1763510400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by-nc-nd\/4.0"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2026]]},"DOI":"10.1007\/978-3-032-12092-2_3","type":"book-chapter","created":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T05:28:34Z","timestamp":1763443714000},"page":"36-52","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Cross-Domain Evaluation of\u00a0Transformer-Based Vulnerability Detection on\u00a0Open and Industry Data"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0009-0009-3156-6211","authenticated-orcid":false,"given":"Moritz","family":"Mock","sequence":"first","affiliation":[]},{"given":"Thomas","family":"Forrer","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3737-9264","authenticated-orcid":false,"given":"Barbara","family":"Russo","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,11,19]]},"reference":[{"issue":"8","key":"3_CR1","doi-asserted-by":"publisher","first-page":"2163","DOI":"10.1109\/TSE.2024.3423712","volume":"50","author":"P Chakraborty","year":"2024","unstructured":"Chakraborty, P., Arumugam, K.K., Alfadel, M., Nagappan, M., McIntosh, S.: Revisiting the performance of deep learning-based vulnerability detection on realistic datasets. IEEE Trans. Software Eng. 50(8), 2163\u20132177 (2024). https:\/\/doi.org\/10.1109\/TSE.2024.3423712","journal-title":"IEEE Trans. Software Eng."},{"key":"3_CR2","unstructured":"Chen, T., et al.: The lottery ticket hypothesis for pre-trained BERT networks. In: Advances in Neural Information Processing Systems, vol.\u00a033. Curran Associates, Inc. (2020)"},{"key":"3_CR3","doi-asserted-by":"publisher","unstructured":"Croft, R., Babar, M.A., Kholoosi, M.M.: Data quality for software vulnerability datasets. In: 2023 IEEE\/ACM 45th International Conference on Software Engineering (ICSE), pp. 121\u2013133 (2023). https:\/\/doi.org\/10.1109\/ICSE48619.2023.00022","DOI":"10.1109\/ICSE48619.2023.00022"},{"key":"3_CR4","unstructured":"Devlin, J., Chang, M.W., Lee, K., Toutanova, K.: BERT: pre-training of deep bidirectional transformers for language understanding (2019). https:\/\/arxiv.org\/abs\/1810.04805"},{"key":"3_CR5","doi-asserted-by":"crossref","unstructured":"Dong, C., Li, S., Yang, S., Xiao, Y., Wang, Y., Li, H., Li, Z., Sun, L.: LibvDiff: library version difference guided OSS version identification in binaries. In: Proceedings of the IEEE\/ACM 46th International Conference on Software Engineering. ICSE \u201924, Association for Computing Machinery, New York, NY, USA (2024)","DOI":"10.1145\/3597503.3623336"},{"key":"3_CR6","doi-asserted-by":"crossref","unstructured":"Fan, J., Li, Y., Wang, S., Nguyen, T.N.: A C\/C++ code vulnerability dataset with code changes and CVE summaries. In: 2020 IEEE\/ACM 17th International Conference on Mining Software Repositories (MSR), pp. 508\u2013512 (2020)","DOI":"10.1145\/3379597.3387501"},{"key":"3_CR7","doi-asserted-by":"crossref","unstructured":"Feng, Z., et\u00a0al.: CodeBERT: a pre-trained model for programming and natural languages. arXiv preprint arXiv:2002.08155 (2020)","DOI":"10.18653\/v1\/2020.findings-emnlp.139"},{"key":"3_CR8","doi-asserted-by":"crossref","unstructured":"Fitzgerald, B., Kesan, J.P., Russo, B., Shaikh, M., Succi, G.: Adopting Open Source Software: A Practical Guide. The MIT Press (2011)","DOI":"10.7551\/mitpress\/9780262516358.001.0001"},{"key":"3_CR9","doi-asserted-by":"crossref","unstructured":"Fu, M., Tantithamthavorn, C.: LineVul: a transformer-based line-level vulnerability prediction. In: Proceedings of the 19th International Conference on Mining Software Repositories, pp. 608\u2013620 (2022)","DOI":"10.1145\/3524842.3528452"},{"key":"3_CR10","unstructured":"Gamma, E.: Design patterns: elements of reusable object-oriented software. Person Education Inc (1995)"},{"key":"3_CR11","unstructured":"Guo, D., Lu, S., Duan, N., Wang, Y., Zhou, M., Yin, J.: UniXcoder: unified cross-modal pre-training for code representation (2022). https:\/\/arxiv.org\/abs\/2203.03850, published in ACL 2022"},{"key":"3_CR12","doi-asserted-by":"crossref","unstructured":"Hin, D., Kan, A., Chen, H., Babar, M.A.: LineVD: statement-level vulnerability detection using graph neural networks. In: Proceedings of the 19th International Conference on Mining Software Repositories, pp. 596\u2013607. MSR \u201922, Association for Computing Machinery, New York, NY, USA (2022)","DOI":"10.1145\/3524842.3527949"},{"key":"3_CR13","unstructured":"Husain, H., Wu, H.H., Gazit, T., Allamanis, M., Brockschmidt, M.: CodeSearchNet challenge: evaluating the state of semantic code search. arXiv preprint arXiv:1909.09436 (2019)"},{"key":"3_CR14","doi-asserted-by":"crossref","unstructured":"Improta, C., Tufano, R., Liguori, P., Cotroneo, D., Bavota, G.: Quality in, quality out: investigating training data\u2019s role in AI code generation. In: 2025 IEEE\/ACM 33rd International Conference on Program Comprehension (ICPC) (2025)","DOI":"10.1109\/ICPC66645.2025.00056"},{"key":"3_CR15","doi-asserted-by":"publisher","unstructured":"Le, T.H.M., Ali\u00a0Babar, M.: Mitigating data imbalance for software vulnerability assessment: does data augmentation help? In: Proceedings of the 18th ACM\/IEEE International Symposium on Empirical Software Engineering and Measurement, pp. 119\u2013130. ESEM \u201924, Association for Computing Machinery, New York, NY, USA (2024). https:\/\/doi.org\/10.1145\/3674805.3686674","DOI":"10.1145\/3674805.3686674"},{"key":"3_CR16","doi-asserted-by":"crossref","unstructured":"Lenarduzzi, V., Lomio, F., Huttunen, H., Taibi, D.: Are SonarQube rules inducing bugs? In: 2020 IEEE 27th International Conference on Software Analysis, Evolution and Reengineering (SANER), pp. 501\u2013511 (2020)","DOI":"10.1109\/SANER48275.2020.9054821"},{"key":"3_CR17","doi-asserted-by":"crossref","unstructured":"Li, K., et al.: Comparison and evaluation on static application security testing (SAST) tools for java. In: Proceedings of the 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering, pp. 921\u2013933. ESEC\/FSE 2023, Association for Computing Machinery, New York, NY, USA (2023)","DOI":"10.1145\/3611643.3616262"},{"key":"3_CR18","doi-asserted-by":"crossref","unstructured":"Li, Z., et\u00a0al.: VulDeePecker: a deep learning-based system for vulnerability detection. arXiv preprint arXiv:1801.01681 (2018)","DOI":"10.14722\/ndss.2018.23158"},{"key":"3_CR19","unstructured":"McConnell, S.: Code complete. Pearson Education (2004)"},{"key":"3_CR20","doi-asserted-by":"publisher","unstructured":"Mock, M., Borsani, T., Di\u00a0Fatta, G., Russo, B.: Optimizing deep learning models to address class imbalance in code comment classification. In: 2025 IEEE\/ACM International Workshop on Natural Language-Based Software Engineering (NLBSE), pp. 45\u201348 (2025). https:\/\/doi.org\/10.1109\/NLBSE66842.2025.00016","DOI":"10.1109\/NLBSE66842.2025.00016"},{"key":"3_CR21","unstructured":"Mock, M., Forrer, T., Russo, B.: Cross-evaluation of transformer-based vulnerability detection on open and proprietary data (2025). https:\/\/github.com\/CybersecurityLab-unibz\/cross_domain_evaluation"},{"key":"3_CR22","doi-asserted-by":"crossref","unstructured":"Mock, M., Forrer, T., Russo, B.: Where do developers admit their security-related concerns? In: Agile Processes in Software Engineering and Extreme Programming \u2013 Workshops, pp. 189\u2013195. Springer Nature Switzerland, Cham (2025)","DOI":"10.1007\/978-3-031-72781-8_21"},{"key":"3_CR23","doi-asserted-by":"crossref","unstructured":"Mock, M., Melegati, J., Kretschmann, M., Diaz\u00a0Ferreyra, N.E., Russo, B.: MADE-WIC: Multiple annotated datasets for exploring weaknesses in code. In: Proceedings of the 39th IEEE\/ACM International Conference on Automated Software Engineering, pp. 2346\u20132349. ASE \u201924, Association for Computing Machinery (2024)","DOI":"10.1145\/3691620.3695348"},{"key":"3_CR24","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2021.102470","volume":"111","author":"A Nguyen-Duc","year":"2021","unstructured":"Nguyen-Duc, A., Do, M.V., Luong Hong, Q., Nguyen Khac, K., Nguyen Quang, A.: On the adoption of static analysis for software security assessment\u2013a case study of an open-source e-government project. Comput. Secur. 111, 102470 (2021)","journal-title":"Comput. Secur."},{"key":"3_CR25","doi-asserted-by":"crossref","unstructured":"Pan, S., Bao, L., Zhou, J., Hu, X., Xia, X., Li, S.: Unveil the mystery of critical software vulnerabilities. In: Companion Proceedings of the 32nd ACM International Conference on the Foundations of Software Engineering, pp. 138\u2013149. FSE 2024, Association for Computing Machinery, New York, NY, USA (2024)","DOI":"10.1145\/3663529.3663835"},{"key":"3_CR26","unstructured":"PMD-CPD (2024). https:\/\/pmd.github.io\/pmd\/pmd_userdocs_cpd.html"},{"key":"3_CR27","doi-asserted-by":"crossref","unstructured":"Prechelt, L.: Early stopping-but when? In: Neural Networks: Tricks of the trade, pp. 55\u201369. Springer (2002)","DOI":"10.1007\/3-540-49430-8_3"},{"key":"3_CR28","unstructured":"r2c: Semgrep (2024). https:\/\/semgrep.dev, version 0.73.0"},{"key":"3_CR29","unstructured":"Red\u00a0Hat, I.: OpenShift: Kubernetes Platform for Developing and Running Applications (2011). https:\/\/www.openshift.com\/. Accessed 16 Jun 2025"},{"key":"3_CR30","doi-asserted-by":"crossref","unstructured":"Russo, B., Melegati, J., Mock, M.: Leveraging multi-task learning to improve the detection of SATD and vulnerability. In: 2025 IEEE\/ACM 33rd International Conference on Program Comprehension (ICPC), pp. 01\u201312 (2025)","DOI":"10.1109\/ICPC66645.2025.00017"},{"key":"3_CR31","unstructured":"Schwaber, K., Sutherland, J.: The scrum guide. Scrum Alliance 21(1), 1\u201338 (2011)"},{"key":"3_CR32","doi-asserted-by":"crossref","unstructured":"Sneath, P.: The application of computers to taxonomy. Microbiology 17(1) (1957)","DOI":"10.1099\/00221287-17-1-201"},{"key":"3_CR33","unstructured":"SonarSource S.A: Sonarqube (2024). https:\/\/www.sonarqube.org, version 9.4"},{"key":"3_CR34","doi-asserted-by":"crossref","unstructured":"Thomas, T.W., Tabassum, M., Chu, B., Lipford, H.: Security during application development: an application security expert perspective. In: Proceedings of the 2018 CHI Conference on Human Factors in Computing Systems, pp. 1\u201312 (2018)","DOI":"10.1145\/3173574.3173836"},{"key":"3_CR35","unstructured":"Torvalds, L., Hamano, J.C.: Git: Distributed Version Control System (2005). https:\/\/git-scm.com\/. Accessed 16 Jun 2025"},{"key":"3_CR36","unstructured":"Tree-sitter Project: Tree-sitter: an incremental parsing system for programming tools (2018). https:\/\/tree-sitter.github.io\/tree-sitter\/. accessed 16 Jun 2025"},{"key":"3_CR37","unstructured":"Vaswani, A., et al.: Attention is all you need. In: Advances in Neural Information Processing Systems (2017)"}],"container-title":["Lecture Notes in Computer Science","Product-Focused Software Process Improvement. Industry, Doctoral-Symposium, Tutorial, and Workshop Papers"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-032-12092-2_3","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T05:28:40Z","timestamp":1763443720000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-032-12092-2_3"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,11,19]]},"ISBN":["9783032120915","9783032120922"],"references-count":37,"URL":"https:\/\/doi.org\/10.1007\/978-3-032-12092-2_3","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,11,19]]},"assertion":[{"value":"19 November 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"PROFES","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Product-Focused Software Process Improvement","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Salerno","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Italy","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"1 December 2025","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"3 December 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"26","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"profes2025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/conf.researchr.org\/home\/profes-2025","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}