{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,9]],"date-time":"2026-06-09T14:12:31Z","timestamp":1781014351192,"version":"3.54.1"},"reference-count":68,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2021,10,21]],"date-time":"2021-10-21T00:00:00Z","timestamp":1634774400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2021,10,21]],"date-time":"2021-10-21T00:00:00Z","timestamp":1634774400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"DOI":"10.13039\/501100001659","name":"Deutsche Forschungsgemeinschaft","doi-asserted-by":"publisher","award":["MA 5030\/3\u2013 1"],"award-info":[{"award-number":["MA 5030\/3\u2013 1"]}],"id":[{"id":"10.13039\/501100001659","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100002347","name":"Bundesministerium f\u00fcr Bildung und Forschung","doi-asserted-by":"publisher","award":["01IS18074E"],"award-info":[{"award-number":["01IS18074E"]}],"id":[{"id":"10.13039\/501100002347","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Deutsches Zentrum f\u00fcr Luft- und Raumfahrt e. V. (DLR)"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Empir Software Eng"],"published-print":{"date-parts":[[2022,1]]},"abstract":"<jats:title>Abstract<\/jats:title><jats:p>Due to the continuous digitalization of our society, distributed and web-based applications become omnipresent and making them more secure gains paramount relevance. Deep learning (DL) and its representation learning approach are increasingly been proposed for program code analysis potentially providing a powerful means in making software systems less vulnerable. 
This systematic literature review (SLR) is aiming for a thorough analysis and comparison of 32 primary studies on DL-based vulnerability analysis of program code. We found a rich variety of proposed analysis approaches, code embeddings and network topologies. We discuss these techniques and alternatives in detail. By compiling commonalities and differences in the approaches, we identify the current state of research in this area and discuss future directions. We also provide an overview of publicly available datasets in order to foster a stronger benchmarking of approaches. This SLR provides an overview and starting point for researchers interested in deep vulnerability analysis on program code.<\/jats:p>","DOI":"10.1007\/s10664-021-10029-x","type":"journal-article","created":{"date-parts":[[2021,10,21]],"date-time":"2021-10-21T10:05:04Z","timestamp":1634810704000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":21,"title":["Deep security analysis of program code"],"prefix":"10.1007","volume":"27","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-0067-1790","authenticated-orcid":false,"given":"Tim","family":"Sonnekalb","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8816-7013","authenticated-orcid":false,"given":"Thomas S.","family":"Heinze","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6871-2707","authenticated-orcid":false,"given":"Patrick","family":"M\u00e4der","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","published-online":{"date-parts":[[2021,10,21]]},"reference":[{"key":"10029_CR1","unstructured":"National Institute of Standards and Technology (2020) Vulnerability - Glossary | CSRC. 
https:\/\/csrc.nist.gov\/glossary\/term\/vulnerability"},{"key":"10029_CR2","unstructured":"National Vulnerability Database (2020) NVD - National Vulnerability Database - Search and Statistics. https:\/\/nvd.nist.gov\/vuln\/search"},{"key":"10029_CR3","doi-asserted-by":"publisher","unstructured":"Kumar C, Yadav DK (2017) Software defects estimation using metrics of early phases of software development life cycle. https:\/\/doi.org\/10.1007\/s13198-014-0326-2. https:\/\/ideas.repec.org\/a\/spr\/ijsaem\/v8y2017i4d10.1007_s13198-014-0326-2.html, vol 8, pp 2109\u20132117","DOI":"10.1007\/s13198-014-0326-2"},{"issue":"4","key":"10029_CR4","doi-asserted-by":"publisher","first-page":"81:1","DOI":"10.1145\/3212695","volume":"51","author":"M Allamanis","year":"2018","unstructured":"Allamanis M, Barr ET, Devanbu P, Sutton C (2018) A survey of machine learning for big code and naturalness. ACM Comput Surv 51(4):81:1\u201381:37. https:\/\/doi.org\/10.1145\/3212695","journal-title":"ACM Comput Surv"},{"key":"10029_CR5","unstructured":"The MITRE Corporation (2020) CWE - CWE List Version 4.0. https:\/\/cwe.mitre.org\/data\/index.html"},{"issue":"4","key":"10029_CR6","first-page":"81","volume":"51","author":"M Allamanis","year":"2018","unstructured":"Allamanis M, Barr ET, Devanbu P, Sutton C (2018) A survey of machine learning for big code and naturalness. ACM Comput Surv (CSUR) 51 (4):81","journal-title":"ACM Comput Surv (CSUR)"},{"key":"10029_CR7","doi-asserted-by":"crossref","unstructured":"Ucci D, Aniello L, Baldoni R (2019) Survey of machine learning techniques for malware analysis. DOI:10.1016\/j.cose.2018.11.001. 
https:\/\/www.sciencedirect.com\/science\/article\/pii\/S0167404818303808, vol 81, pp 123\u2013147","DOI":"10.1016\/j.cose.2018.11.001"},{"issue":"10","key":"10029_CR8","doi-asserted-by":"publisher","first-page":"1825","DOI":"10.1109\/JPROC.2020.2993293","volume":"108","author":"G Lin","year":"2020","unstructured":"Lin G, Wen S, Han QL, Zhang J, Xiang Y (2020) Software vulnerability detection using deep neural networks: a survey. Proc IEEE 108(10):1825\u20131848. https:\/\/doi.org\/10.1109\/JPROC.2020.2993293","journal-title":"Proc IEEE"},{"key":"10029_CR9","doi-asserted-by":"publisher","unstructured":"Choi YH, Liu P, Shang Z, Wang H, Wang Z, Zhang L, Zhou J, Zou Q (2020) Using deep learning to solve computer security challenges: a survey. Cybersecurity 3(15). https:\/\/doi.org\/10.1186\/s42400-020-00055-5","DOI":"10.1186\/s42400-020-00055-5"},{"key":"10029_CR10","doi-asserted-by":"publisher","unstructured":"Berman DS, Buczak AL, Chavis JS, Corbett CL (2019). A survey of deep learning methods for cyber security. Information 10(4). https:\/\/doi.org\/10.3390\/info10040122. https:\/\/www.mdpi.com\/2078-2489\/10\/4\/122","DOI":"10.3390\/info10040122"},{"key":"10029_CR11","doi-asserted-by":"publisher","unstructured":"Guan Z, Bian L, Shang T, Liu J (2018) When machine learning meets security issues: A survey. In: 2018 IEEE international conference on intelligence and safety for robotics (ISR). pp 158\u2013165. https:\/\/doi.org\/10.1109\/IISR.2018.8535799","DOI":"10.1109\/IISR.2018.8535799"},{"key":"10029_CR12","doi-asserted-by":"publisher","unstructured":"Ferrag MA, Maglaras L, Moschoyiannis S, Janicke H (2020) Deep learning for cyber security intrusion detection: Approaches, datasets, and comparative study. https:\/\/doi.org\/10.1016\/j.jisa.2019.102419. 
https:\/\/www.sciencedirect.com\/science\/article\/pii\/S2214212619305046, vol 50, p 102419","DOI":"10.1016\/j.jisa.2019.102419"},{"key":"10029_CR13","doi-asserted-by":"publisher","unstructured":"Ghaffarian SM, Shahriari HR (2017) Software vulnerability analysis and discovery using machine-learning and data-mining techniques: a survey. ACM Comput Surv 50(4). https:\/\/doi.org\/10.1145\/3092566","DOI":"10.1145\/3092566"},{"key":"10029_CR14","doi-asserted-by":"publisher","unstructured":"Jie G, Xiao-Hui K, Qiang L (2016) Survey on software vulnerability analysis method based on machine learning. In: 2016 IEEE first international conference on data science in cyberspace (DSC), pp 642\u2013647. https:\/\/doi.org\/10.1109\/DSC.2016.33","DOI":"10.1109\/DSC.2016.33"},{"key":"10029_CR15","doi-asserted-by":"publisher","unstructured":"Le Q, Boydell O, Mac Namee B, Scanlon M (2018) Deep learning at the shallow end: Malware classification for non-domain experts. https:\/\/doi.org\/10.1016\/j.diin.2018.04.024. http:\/\/www.sciencedirect.com\/science\/article\/pii\/S1742287618302032, vol 26, pp S118\u2013S126","DOI":"10.1016\/j.diin.2018.04.024"},{"key":"10029_CR16","doi-asserted-by":"publisher","unstructured":"Cakir B, Dogdu E (2018) Malware classification using deep learning methods. In: Proceedings of the ACMSE 2018 conference, ACMSE \u201918. Association for Computing Machinery, Richmond, pp 1\u20135. https:\/\/doi.org\/10.1145\/3190645.3190692","DOI":"10.1145\/3190645.3190692"},{"issue":"POPL","key":"10029_CR17","doi-asserted-by":"publisher","first-page":"40:1","DOI":"10.1145\/3290353","volume":"3","author":"U Alon","year":"2019","unstructured":"Alon U, Zilberstein M, Levy O, Yahav E (2019) code2vec: learning distributed representations of code. Proc ACM Program Lang 3(POPL):40:1\u201340:29. 
https:\/\/doi.org\/10.1145\/3290353","journal-title":"Proc ACM Program Lang"},{"key":"10029_CR18","doi-asserted-by":"publisher","unstructured":"Hellendoorn VJ, Bird C, Barr ET, Allamanis M (2018) Deep learning type inference. In: Proceedings of the 2018 26th ACM joint meeting on european software engineering conference and symposium on the foundations of software engineering, ESEC\/FSE 2018. Association for Computing Machinery, Lake Buena Vista, pp 152\u2013162. https:\/\/doi.org\/10.1145\/3236024.3236051","DOI":"10.1145\/3236024.3236051"},{"key":"10029_CR19","doi-asserted-by":"publisher","unstructured":"Cambronero J, Li H, Kim S, Sen K, Chandra S (2019) When deep learning met code search. In: Proceedings of the 2019 27th ACM joint meeting on european software engineering conference and symposium on the foundations of software engineering, ESEC\/FSE 2019. Association for Computing Machinery, Tallinn. https:\/\/doi.org\/10.1145\/3338906.3340458, pp 964\u2013974","DOI":"10.1145\/3338906.3340458"},{"issue":"7553","key":"10029_CR20","doi-asserted-by":"publisher","first-page":"436","DOI":"10.1038\/nature14539","volume":"521","author":"Y LeCun","year":"2015","unstructured":"LeCun Y, Bengio Y, Hinton G (2015) Deep learning. Nature 521 (7553):436\u2013444. https:\/\/doi.org\/10.1038\/nature14539. https:\/\/www.nature.com\/articles\/nature14539","journal-title":"Nature"},{"issue":"1","key":"10029_CR21","doi-asserted-by":"publisher","first-page":"25","DOI":"10.1007\/s10664-011-9190-8","volume":"18","author":"Y Shin","year":"2013","unstructured":"Shin Y, Williams L (2013) Can traditional fault prediction models be used for vulnerability prediction? Empir Softw Eng 18(1):25\u201359. 10.1007\/s10664-011-9190-8","journal-title":"Empir Softw Eng"},{"key":"10029_CR22","doi-asserted-by":"crossref","unstructured":"Pradel M, Chandra S (2021) Neural software analysis. Commun ACM. 
arXiv:2011.07986v2","DOI":"10.1145\/3460348"},{"key":"10029_CR23","doi-asserted-by":"crossref","unstructured":"Hindle A, Barr ET, Su Z, Gabel M, Devanbu P (2012) On the naturalness of software. In: Proceedings of the 34th international conference on software engineering, ICSE \u201912. IEEE Press, Zurich, pp 837\u2013847","DOI":"10.1109\/ICSE.2012.6227135"},{"key":"10029_CR24","doi-asserted-by":"crossref","unstructured":"Johnson B, Song Y, Murphy-Hill E, Bowdidge R (2013) Why don\u2019t software developers use static analysis tools to find bugs?. In: Proceedings of the 2013 international conference on software engineering, iCSE \u201913. IEEE Press, San Francisco, pp 672\u2013681","DOI":"10.1109\/ICSE.2013.6606613"},{"key":"10029_CR25","doi-asserted-by":"crossref","unstructured":"Christakis M, Bird C (2016) What developers want and need from program analysis: an empirical study. In: Proceedings of the 31st IEEE\/ACM international conference on automated software engineering, ASE 2016. Association for Computing Machinery, New York, pp 332\u2013343","DOI":"10.1145\/2970276.2970347"},{"issue":"OOPSLA","key":"10029_CR26","doi-asserted-by":"publisher","first-page":"84:1","DOI":"10.1145\/3133908","volume":"1","author":"CV Lopes","year":"2017","unstructured":"Lopes CV, Maj P, Martins P, Saini V, Yang D, Zitny J, Sajnani H, Vitek J (2017) D\u00e9j\u00e0vu: a map of code duplicates on GitHub. Proc ACM Prog Lang 1(OOPSLA):84:1\u201384:28. https:\/\/doi.org\/10.1145\/3133908","journal-title":"Proc ACM Prog Lang"},{"key":"10029_CR27","doi-asserted-by":"publisher","unstructured":"Kalliamvakou E, Gousios G, Blincoe K, Singer L, German DM, Damian D (2014) The promises and perils of mining GitHub. In: Proceedings of the 11th working conference on mining software repositories, MSR 2014. Association for Computing Machinery, Hyderabad. 
https:\/\/doi.org\/10.1145\/2597073.2597074, pp 92\u2013101","DOI":"10.1145\/2597073.2597074"},{"key":"10029_CR28","doi-asserted-by":"publisher","unstructured":"Komer B, Bergstra J, Eliasmith C (2014) Hyperopt-Sklearn: automatic hyperparameter configuration for scikit-learn. In: Proceedings of the 2014 Python in science conferences, Austin, Texas, pp 32\u201337. https:\/\/doi.org\/10.25080\/Majora-14bd3278-006. https:\/\/conference.scipy.org\/proceedings\/scipy2014\/komer.html","DOI":"10.25080\/Majora-14bd3278-006"},{"key":"10029_CR29","unstructured":"Kitchenham B, Charters S (2007) Guidelines for performing systematic literature reviews in software engineering. Tech. rep. https:\/\/www.elsevier.com\/__data\/promis_misc\/525444systematicreviewsguide.pdf"},{"key":"10029_CR30","doi-asserted-by":"publisher","unstructured":"Markovtsev V, Long W (2018) Public git archive: a big code dataset for all. In: Proceedings of the 15th international conference on mining software repositories,MSR \u201918. Association for Computing Machinery, Gothenburg, pp 34\u201337. https:\/\/doi.org\/10.1145\/3196398.3196464","DOI":"10.1145\/3196398.3196464"},{"issue":"123005","key":"10029_CR31","first-page":"3","volume":"123","author":"PE Black","year":"2018","unstructured":"Black PE (2018) A software assurance reference dataset: Thousands of programs with known bugs. J Res Natl Inst Standards Technol 123(123005):3","journal-title":"J Res Natl Inst Standards Technol"},{"key":"10029_CR32","volume-title":"Language insecurity open source business resource place","author":"F Michaud","year":"2008","unstructured":"Michaud F, Painchaud F (2008) Language insecurity open source business resource place. Ottawa Publisher, Ottawa. Talent First Network"},{"key":"10029_CR33","unstructured":"National Vulnerability Database (2014) NVD - CVE-2014-1912. 
https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2014-1912"},{"key":"10029_CR34","doi-asserted-by":"crossref","unstructured":"Chen Z, Monperrus M (2019)","DOI":"10.1145\/3349589"},{"key":"10029_CR35","unstructured":"Mikolov T, Sutskever I, Chen K, Corrado G, Dean J (2013) Distributed representations of words and phrases and their compositionality. In: Proceedings of the 26th international conference on neural information processing systems, NIPS\u201913, vol 2. Curran Associates Inc., Lake Tahoe, pp 3111\u20133119"},{"key":"10029_CR36","doi-asserted-by":"publisher","unstructured":"Pennington J, Socher R, Manning C (2014) GloVe: Global vectors for word representation. In: Proceedings of the 2014 conference on empirical methods in natural language processing (EMNLP). Association for Computational Linguistics, Doha, pp 1532\u20131543. https:\/\/doi.org\/10.3115\/v1\/D14-1162. https:\/\/www.aclweb.org\/anthology\/D14-1162","DOI":"10.3115\/v1\/D14-1162"},{"key":"10029_CR37","doi-asserted-by":"crossref","unstructured":"Bojanowski P, Grave E, Joulin A, Mikolov T (2017) Enriching word vectors with subword information. arXiv:1607.04606v2","DOI":"10.1162\/tacl_a_00051"},{"key":"10029_CR38","unstructured":"Kipf TN, Welling M (2017) Semi-supervised classification with graph convolutional networks. In: Proceedings of the 5th international conference on learning representations, Palais des Congr\u00e8s Neptune, Toulon, France, p 14. https:\/\/openreview.net\/forum?id=SJU4ayYgl"},{"key":"10029_CR39","unstructured":"Dai H, Dai B, Song L (2016) Discriminative embeddings of latent variable models for structured data. In: Proceedings of the 33rd international conference on international conference on machine learning, ICML\u201916, vol 4. JMLR.org, New York, pp 2702\u20132711"},{"key":"10029_CR40","doi-asserted-by":"publisher","unstructured":"Hopfield JJ (1982) Neural networks and physical systems with emergent collective computational abilities. 
https:\/\/doi.org\/10.1073\/pnas.79.8.2554. https:\/\/www.pnas.org\/content\/79\/8\/2554. publisher: National Academy of Sciences Section: Research Article, vol 79, pp 2554\u20132558","DOI":"10.1073\/pnas.79.8.2554"},{"key":"10029_CR41","doi-asserted-by":"publisher","unstructured":"Hochreiter S, Schmidhuber J (1997) Long short-term memory. https:\/\/doi.org\/10.1162\/neco.1997.9.8.1735. publisher: MIT Press, vol 9, pp 1735\u20131780","DOI":"10.1162\/neco.1997.9.8.1735"},{"key":"10029_CR42","doi-asserted-by":"publisher","unstructured":"Cho K, van Merri\u00ebnboer B, Gulcehre C, Bahdanau D, Bougares F, Schwenk H, Bengio Y (2014) Learning phrase representations using RNN encoder\u2013decoder for statistical machine translation. In: Proceedings of the 2014 conference on empirical methods in natural language processing (EMNLP). Association for Computational Linguistics, Doha, pp 1724\u20131734. https:\/\/doi.org\/10.3115\/v1\/D14-1179. https:\/\/www.aclweb.org\/anthology\/D14-1179","DOI":"10.3115\/v1\/D14-1179"},{"key":"10029_CR43","doi-asserted-by":"publisher","unstructured":"Li Z, Zou D, Tang J, Zhang Z, Sun M, Jin H (2019) A comparative study of deep learning-based vulnerability detection system. https:\/\/doi.org\/10.1109\/ACCESS.2019.2930578, vol 7, pp 103184\u2013103197","DOI":"10.1109\/ACCESS.2019.2930578"},{"issue":"5","key":"10029_CR44","doi-asserted-by":"publisher","first-page":"826","DOI":"10.1109\/TSMC.1983.6313076","volume":"13","author":"K Fukushima","year":"1983","unstructured":"Fukushima K, Miyake S, Ito T (1983) Neocognitron: A neural network model for a mechanism of visual pattern recognition. IEEE Trans Syst Man Cybern SMC 13(5):826\u2013834. https:\/\/doi.org\/10.1109\/TSMC.1983.6313076","journal-title":"IEEE Trans Syst Man Cybern SMC"},{"key":"10029_CR45","doi-asserted-by":"publisher","unstructured":"Feng Q, Zhou R, Xu C, Cheng Y, Testa B, Yin H (2016) Scalable graph-based bug search for firmware images. 
In: Proceedings of the 2016 ACM SIGSAC conference on computer and communications security, CCS \u201916. ACM, New York, pp 480\u2013491. https:\/\/doi.org\/10.1145\/2976749.2978370, event-place: Vienna, Austria","DOI":"10.1145\/2976749.2978370"},{"key":"10029_CR46","unstructured":"International Organization for Standardization (2020) ISO 5725-1:1994(en), Accuracy (trueness and precision) of measurement methods and results \u2014 Part 1: General principles and definitions. https:\/\/www.iso.org\/obp\/ui\/#iso:std:iso:5725:-1:ed-1:v1:en"},{"key":"10029_CR47","doi-asserted-by":"publisher","unstructured":"Branco P, Torgo L, Ribeiro RP (2016) A survey of predictive modeling on imbalanced domains. https:\/\/doi.org\/10.1145\/2907070","DOI":"10.1145\/2907070"},{"key":"10029_CR48","doi-asserted-by":"publisher","unstructured":"Fawcett T (2006) An introduction to ROC analysis. https:\/\/doi.org\/10.1016\/j.patrec.2005.10.010. https:\/\/linkinghub.elsevier.com\/retrieve\/pii\/S016786550500303X, vol 27, pp 861\u2013874","DOI":"10.1016\/j.patrec.2005.10.010"},{"issue":"1","key":"10029_CR49","doi-asserted-by":"publisher","first-page":"6","DOI":"10.1186\/s12864-019-6413-7","volume":"21","author":"D Chicco","year":"2020","unstructured":"Chicco D, Jurman G (2020) The advantages of the Matthews correlation coefficient (MCC) over F1 score and accuracy in binary classification evaluation. BMC Genom 21(1):6. https:\/\/doi.org\/10.1186\/s12864-019-6413-7","journal-title":"BMC Genom"},{"key":"10029_CR50","doi-asserted-by":"publisher","unstructured":"Mou L, Meng Z, Yan R, Li G, Xu Y, Zhang L, Jin Z (2016) How transferable are neural networks in nlp applications?. In: Proceedings of the 2016 conference on empirical methods in natural language processing. Association for Computational Linguistics, Austin, pp 479\u2013489. https:\/\/doi.org\/10.18653\/v1\/D16-1046. 
https:\/\/www.aclweb.org\/anthology\/D16-1046","DOI":"10.18653\/v1\/D16-1046"},{"key":"10029_CR51","unstructured":"Parmar N, Uszkoreit J, Jones L, Gomez AN, Kaiser \u0141, Polosukhin I (2017) Attention is all you need. In: Advances in neural information processing systems. pp 5998\u20136008"},{"key":"10029_CR52","doi-asserted-by":"crossref","unstructured":"Botha JA, Pitler E, Ma J, Bakalov A, Salcianu A, Weiss D, McDonald R, Petrov S (2017) Natural language processing with small feed-forward networks. arXiv:170800214","DOI":"10.18653\/v1\/D17-1309"},{"key":"10029_CR53","doi-asserted-by":"publisher","unstructured":"Selvaraju RR, Cogswell M, Das A, Vedantam R, Parikh D, Batra D (2017) Grad-CAM: visual explanations from deep networks via gradient-based localization. In: 2017 IEEE international conference on computer vision (ICCV), pp 618\u2013626. https:\/\/doi.org\/10.1109\/ICCV.2017.74","DOI":"10.1109\/ICCV.2017.74"},{"key":"10029_CR54","doi-asserted-by":"crossref","unstructured":"Warnecke A, Arp D, Wressnegger C, Rieck K (2020) Evaluating explanation methods for deep learning in security. arXiv:1906.02108 [cs, stat]","DOI":"10.1109\/EuroSP48549.2020.00018"},{"key":"10029_CR55","doi-asserted-by":"publisher","unstructured":"Easterbrook S, Singer J, Storey MA, Damian D (2008) Selecting empirical methods for software engineering research. In: Shull F, Singer J, Sj\u00f8berg DIK (eds) Guide to advanced empirical software engineering. Springer, London, pp 285\u2013311. https:\/\/doi.org\/10.1007\/978-1-84800-044-5_11","DOI":"10.1007\/978-1-84800-044-5_11"},{"key":"10029_CR56","doi-asserted-by":"publisher","unstructured":"Chatzieleftheriou G, Katsaros P (2011) Test-driving static analysis tools in search of C code vulnerabilities. In: 2011 IEEE 35th annual computer software and applications conference workshops. pp 96\u2013103. 
https:\/\/doi.org\/10.1109\/COMPSACW.2011.26","DOI":"10.1109\/COMPSACW.2011.26"},{"key":"10029_CR57","doi-asserted-by":"publisher","unstructured":"Walden J, Stuckman J, Scandariato R (2014) Predicting vulnerable components: software metrics vs text mining. In: 2014 IEEE 25th international symposium on software reliability engineering. pp 23\u201333. https:\/\/doi.org\/10.1109\/ISSRE.2014.32","DOI":"10.1109\/ISSRE.2014.32"},{"key":"10029_CR58","doi-asserted-by":"publisher","unstructured":"Lin G, Zhang J, Luo W, Pan L, Xiang Y (2017) POSTER: vulnerability discovery with function representation learning from unlabeled projects. In: Proceedings of the 2017 ACM SIGSAC conference on computer and communications security - CCS \u201917. ACM Press, Dallas, pp 2539\u20132541. https:\/\/doi.org\/10.1145\/3133956.3138840. http:\/\/dl.acm.org\/citation.cfm?doid=3133956.3138840","DOI":"10.1145\/3133956.3138840"},{"issue":"10","key":"10029_CR59","doi-asserted-by":"publisher","first-page":"88","DOI":"10.1109\/MC.2012.345","volume":"45","author":"T Boland","year":"2012","unstructured":"Boland T, Black PE (2012) Juliet 1.1 C\/C++ and Java test suite. Computer 45 (10):88\u201390. https:\/\/doi.org\/10.1109\/MC.2012.345. http:\/\/ieeexplore.ieee.org\/document\/6329885\/","journal-title":"Computer"},{"key":"10029_CR60","doi-asserted-by":"publisher","unstructured":"Gkortzis A, Mitropoulos D, Spinellis D (2018) VulinOSS: a dataset of security vulnerabilities in open-source systems. In: Proceedings of the 15th international conference on mining software repositories, MSR \u201918. ACM, New York, pp 18\u201321. https:\/\/doi.org\/10.1145\/3196398.3196454. event-place: Gothenburg, Sweden","DOI":"10.1145\/3196398.3196454"},{"key":"10029_CR61","doi-asserted-by":"publisher","unstructured":"Ponta SE, Plate H, Sabetta A, Bezzi M, Dangremont C (2019) A manually-curated dataset of fixes to vulnerabilities of open-source software. 
In: Proceedings of the 16th international conference on mining software repositories, MSR \u201919. IEEE Press, Montreal, pp 383\u2013387. https:\/\/doi.org\/10.1109\/MSR.2019.00064","DOI":"10.1109\/MSR.2019.00064"},{"key":"10029_CR62","doi-asserted-by":"publisher","first-page":"104712","DOI":"10.1016\/j.dib.2019.104712","volume":"27","author":"B Gelman","year":"2019","unstructured":"Gelman B, Obayomi B, Moore J, Slater D (2019) Source code analysis dataset. Data Brief 27:104712. https:\/\/doi.org\/10.1016\/j.dib.2019.104712. http:\/\/www.sciencedirect.com\/science\/article\/pii\/S2352340919310674","journal-title":"Data Brief"},{"key":"10029_CR63","unstructured":"Facebook (2020) Infer static analyzer. https:\/\/fbinfer.com\/"},{"key":"10029_CR64","doi-asserted-by":"crossref","unstructured":"Lattner C, Adve V (2004) Llvm: A compilation framework for lifelong program analysis & transformation. In: Proceedings of the international symposium on code generation and optimization: feedback-directed and runtime optimization, CGO \u201904. IEEE Computer Society, p 75","DOI":"10.1109\/CGO.2004.1281665"},{"issue":"7","key":"10029_CR65","doi-asserted-by":"publisher","first-page":"3289","DOI":"10.1109\/TII.2018.2821768","volume":"14","author":"G Lin","year":"2018","unstructured":"Lin G, Zhang J, Luo W, Pan L, Xiang Y, Vel OD, Montague P (2018) Cross- project transfer representation learning for vulnerable function discovery. IEEE Trans Ind Inform 14(7):3289\u20133297. https:\/\/doi.org\/10.1109\/TII.2018.2821768","journal-title":"IEEE Trans Ind Inform"},{"key":"10029_CR66","doi-asserted-by":"publisher","unstructured":"Li Z, Zou D, Xu S, Ou X, Jin H, Wang S, Deng Z, Zhong Y (2018) VulDeePecker: a deep learning-based system for vulnerability detection. In: Proceedings 2018 network and distributed system security symposium. 
https:\/\/doi.org\/10.14722\/ndss.2018.23158, https:\/\/www.ndss-symposium.org\/wp-content\/uploads\/2018\/02\/ndss201803A-2Lipaper.pdf","DOI":"10.14722\/ndss.2018.23158"},{"key":"10029_CR67","doi-asserted-by":"publisher","unstructured":"Li Z, Zou D, Xu S, Jin H, Zhu Y, Chen Z (2021) Sysevr: A framework for using deep learning to detect software vulnerabilities. IEEE Trans Depend Secur Comput :1\u20131. https:\/\/doi.org\/10.1109\/TDSC.2021.3051525","DOI":"10.1109\/TDSC.2021.3051525"},{"key":"10029_CR68","doi-asserted-by":"crossref","unstructured":"Russell R, Kim L, Hamilton L, Lazovich T, Harer J, Ozdemir O, Ellingwood P, McConley M (2018) Automated vulnerability detection in source code using deep representation learning. In: 2018 17th IEEE international conference on machine learning and applications (ICMLA). pp 757\u2013762","DOI":"10.1109\/ICMLA.2018.00120"}],"container-title":["Empirical Software Engineering"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10664-021-10029-x.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10664-021-10029-x\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10664-021-10029-x.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,1,13]],"date-time":"2023-01-13T04:10:15Z","timestamp":1673583015000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10664-021-10029-x"}},"subtitle":["A systematic literature 
review"],"short-title":[],"issued":{"date-parts":[[2021,10,21]]},"references-count":68,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2022,1]]}},"alternative-id":["10029"],"URL":"https:\/\/doi.org\/10.1007\/s10664-021-10029-x","relation":{},"ISSN":["1382-3256","1573-7616"],"issn-type":[{"value":"1382-3256","type":"print"},{"value":"1573-7616","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,10,21]]},"assertion":[{"value":"27 July 2021","order":1,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"21 October 2021","order":2,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}}],"article-number":"2"}}