{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,7]],"date-time":"2026-05-07T15:13:54Z","timestamp":1778166834438,"version":"3.51.4"},"reference-count":55,"publisher":"Springer Science and Business Media LLC","issue":"4","license":[{"start":{"date-parts":[[2026,2,20]],"date-time":"2026-02-20T00:00:00Z","timestamp":1771545600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2026,2,20]],"date-time":"2026-02-20T00:00:00Z","timestamp":1771545600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"funder":[{"DOI":"10.13039\/501100003151","name":"Fonds de recherche du Qu\u00e9bec \u2013 Nature et technologies","doi-asserted-by":"publisher","award":["2024-NOVA-346499"],"award-info":[{"award-number":["2024-NOVA-346499"]}],"id":[{"id":"10.13039\/501100003151","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100000038","name":"Natural Sciences and Engineering Research Council of Canada","doi-asserted-by":"publisher","award":["RGPIN-2019-07007"],"award-info":[{"award-number":["RGPIN-2019-07007"]}],"id":[{"id":"10.13039\/501100000038","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100000038","name":"Natural Sciences and Engineering Research Council of Canada","doi-asserted-by":"publisher","award":["555406-2021"],"award-info":[{"award-number":["555406-2021"]}],"id":[{"id":"10.13039\/501100000038","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Empir Software Eng"],"published-print":{"date-parts":[[2026,7]]},"DOI":"10.1007\/s10664-026-10803-9","type":"journal-article","created":{"date-parts":[[2026,2,20]],"date-time":"2026-02-20T11:11:40Z","timestamp":1771585900000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["An exploratory study on fine-tuning large language models for secure code generation"],"prefix":"10.1007","volume":"31","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-8828-632X","authenticated-orcid":false,"given":"Junjie","family":"Li","sequence":"first","affiliation":[]},{"given":"Fazle","family":"Rabbi","sequence":"additional","affiliation":[]},{"given":"Cheng","family":"Cheng","sequence":"additional","affiliation":[]},{"given":"Aseem","family":"Sangalay","sequence":"additional","affiliation":[]},{"given":"Yuan","family":"Tian","sequence":"additional","affiliation":[]},{"given":"Jinqiu","family":"Yang","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2026,2,20]]},"reference":[{"key":"10803_CR1","doi-asserted-by":"crossref","unstructured":"Adhikari A, Kulkarni P (2024) Survey of techniques to detect common weaknesses in program binaries. Cyber Secur Appl 100061","DOI":"10.1016\/j.csa.2024.100061"},{"key":"10803_CR2","doi-asserted-by":"crossref","unstructured":"Ahmed T, Devanbu P (2022) Few-shot training llms for project-specific code-summarization. In booktitle ASE, pp 1\u20135","DOI":"10.1145\/3551349.3559555"},{"key":"10803_CR3","doi-asserted-by":"crossref","unstructured":"Bhandari G, Naseer A, Moonen L (2021) CVEfixes: Automated collection of vulnerabilities and their fixes from open-source software. 
In PROMISE, pp 30\u201339","DOI":"10.1145\/3475960.3475985"},{"key":"10803_CR4","unstructured":"Biderman S, Raff E (2022) Neural language models are effective plagiarists. arXiv:2201.07406"},{"key":"10803_CR5","doi-asserted-by":"crossref","unstructured":"Challande A, David R, Renault G (2022) Building a commit-level dataset of real-world vulnerabilities. In CODASPY, pp 101\u2013106","DOI":"10.1145\/3508398.3511495"},{"key":"10803_CR6","unstructured":"Chen M, Tworek J, Jun H, Yuan Q, de Oliveira\u00a0Pinto HP, Kaplan J, Edwards H, Burda Y, Joseph N, Brockman G, Ray A, Puri R, Krueger G, Petrov M, Khlaaf H, Sastry G, Mishkin P, Chan B, Gray S, Ryder N, Pavlov M, Power A, Kaiser L, Bavarian M, Winter C, Tillet P, Such FP, Cummings D, Plappert M, Chantzis F, Barnes E, Herbert-Voss A, Guss WH, Nichol A, Paino A, Tezak N, Tang J, Babuschkin I, Balaji S, Jain S, Saunders W, Hesse C, Carr AN, Leike J, Achiam J, Misra V, Morikawa E, Radford A, Knight M, Brundage M, Murati M, Mayer K, Welinder P, McGrew B, Amodei D, McCandlish S, Sutskever I, Zaremba W (2021) Evaluating large language models trained on code. arXiv:2107.03374"},{"key":"10803_CR7","first-page":"5282","volume-title":"CodePrompt: Task-agnostic prefix tuning for program and language generation","author":"Y Choi","year":"2023","unstructured":"Choi Y, Lee JH (2023) CodePrompt: Task-agnostic prefix tuning for program and language generation. In Findings of the Association for Computational Linguistics: ACL 2023, pp 5282\u20135297"},{"key":"10803_CR8","unstructured":"CodeQL (2025) codeql. https:\/\/codeql.github.com. Accessed 20 Sept 2025"},{"key":"10803_CR9","unstructured":"CVE-MITRE (2024) Common vulnerabilities and exposures. https:\/\/www.cve.org\/About\/Overview"},{"key":"10803_CR10","unstructured":"CWE-MITRE (2022) Common weakness enumeration. https:\/\/cwe.mitre.org\/index.html"},{"key":"10803_CR11","doi-asserted-by":"crossref","unstructured":"Fan J, Li Y, Wang S, Nguyen TN (2020) A C\/C++ code vulnerability dataset with code changes and CVE summaries. In Proceedings of the 17th international conference on mining software repositories, pp 508\u2013512","DOI":"10.1145\/3379597.3387501"},{"key":"10803_CR12","doi-asserted-by":"crossref","unstructured":"Feng Z, Guo D, Tang D, Duan N, Feng X, Gong M, Shou L, Qin B, Liu T, Jiang D, Zhou M (2020) CodeBERT: A pre-trained model for programming and natural languages. In Findings of the Association for Computational Linguistics: EMNLP 2020. Association for Computational Linguistics, Online, pp 1536\u20131547. https:\/\/doi.org\/10.18653\/v1\/2020.findings-emnlp.139","DOI":"10.18653\/v1\/2020.findings-emnlp.139"},{"key":"10803_CR13","doi-asserted-by":"publisher","unstructured":"Fried D, Aghajanyan A, Lin J, Wang S, Wallace E, Shi F, Zhong R, Yih WT, Zettlemoyer L, Lewis M (2022) InCoder: A generative model for code infilling and synthesis. arXiv. https:\/\/doi.org\/10.48550\/ARXIV.2204.05999","DOI":"10.48550\/ARXIV.2204.05999"},{"issue":"3","key":"10803_CR14","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3632746","volume":"33","author":"M Fu","year":"2024","unstructured":"Fu M, Nguyen V, Tantithamthavorn C, Phung D, Le T (2024) Vision transformer inspired automated vulnerability repair. ACM Trans Softw Eng Methodol 33(3):1\u201329","journal-title":"ACM Trans Softw Eng Methodol"},{"key":"10803_CR15","doi-asserted-by":"crossref","unstructured":"Fu M, Tantithamthavorn C, Le T, Nguyen V, Phung D (2022) VulRepair: A T5-based automated software vulnerability repair. 
In Proceedings of the 30th ACM joint european software engineering conference and symposium on the foundations of software engineering, pp 935\u2013947","DOI":"10.1145\/3540250.3549098"},{"key":"10803_CR16","unstructured":"Guo D, Zhu Q, Yang D, Xie Z, Dong K, Zhang W, Chen G, Bi X, Wu Y, Li YK et\u00a0al (2024) DeepSeek-Coder: When the large language model meets programming\u2013the rise of code intelligence. arXiv preprint arXiv:2401.14196"},{"key":"10803_CR17","doi-asserted-by":"crossref","unstructured":"Hajipour H, Hassler K, Holz T, Sch\u00f6nherr L, Fritz M (2023) CodeLMSec benchmark: Systematically evaluating and finding security vulnerabilities in black-box code language models. arXiv preprint arXiv:2302.04012","DOI":"10.1109\/SaTML59370.2024.00040"},{"key":"10803_CR18","doi-asserted-by":"crossref","unstructured":"He J, Vechev M (2023) Large language models for code: Security hardening and adversarial testing. In Proceedings of the 2023 ACM SIGSAC conference on computer and communications security, pp 1865\u20131879","DOI":"10.1145\/3576915.3623175"},{"key":"10803_CR19","unstructured":"He J, Vero M, Krasnopolska G, Vechev M (2024) Instruction tuning for secure code generation. arXiv preprint arXiv:2402.09497"},{"key":"10803_CR20","unstructured":"Houlsby N, Giurgiu A, Jastrzebski S, Morrone B, De\u00a0Laroussilhe Q, Gesmundo A, Attariyan M, Gelly S (2019) Parameter-efficient transfer learning for NLP. In International conference on machine learning, PMLR, pp 2790\u20132799"},{"key":"10803_CR21","unstructured":"Hu EJ, Shen Y, Wallis P, Allen-Zhu Z, Li Y, Wang S, Wang L, Chen W (2021) LoRA: Low-rank adaptation of large language models. arXiv preprint arXiv:2106.09685"},{"key":"10803_CR22","doi-asserted-by":"crossref","unstructured":"Jin M, Shahriar S, Tufano M, Shi X, Lu S, Sundaresan N, Svyatkovskiy A (2023) InferFix: End-to-end program repair with LLMs. In FSE, pp 1646\u20131656","DOI":"10.1145\/3611643.3613892"},{"key":"10803_CR23","doi-asserted-by":"publisher","first-page":"5131","DOI":"10.1609\/aaai.v37i4.25642","volume":"37","author":"H Joshi","year":"2023","unstructured":"Joshi H, Sanchez JC, Gulwani S, Le V, Verbruggen G, Radi\u010dek I (2023) Repair is nearly generation: Multilingual program repair with LLMs. In Proceedings of the AAAI conference on artificial intelligence 37:5131\u20135140","journal-title":"Proceedings of the AAAI conference on artificial intelligence"},{"key":"10803_CR24","doi-asserted-by":"publisher","unstructured":"Kanade A, Maniatis P, Balakrishnan G, Shi K (2020) Learning and evaluating contextual embedding of source code. arXiv https:\/\/doi.org\/10.48550\/ARXIV.2001.00059","DOI":"10.48550\/ARXIV.2001.00059"},{"key":"10803_CR25","doi-asserted-by":"crossref","unstructured":"Khoury R, Avila AR, Brunelle J, Camara BM (2023) How secure is code generated by ChatGPT? In SMC 2023, IEEE, pp 2445\u20132451","DOI":"10.1109\/SMC53992.2023.10394237"},{"key":"10803_CR26","unstructured":"Kocetkov D, Li R, Allal LB, Li J, Mou C, Ferrandis CM, Jernite Y, Mitchell M, Hughes S, Wolf T et\u00a0al (2022) The Stack: 3 TB of permissively licensed source code. arXiv preprint arXiv:2211.15533"},{"key":"10803_CR27","doi-asserted-by":"crossref","unstructured":"Lester B, Al-Rfou R, Constant N (2021) The power of scale for parameter-efficient prompt tuning. 
arXiv preprint arXiv:2104.08691","DOI":"10.18653\/v1\/2021.emnlp-main.243"},{"key":"10803_CR28","doi-asserted-by":"crossref","unstructured":"Li J, Sangalay A, Cheng C, Tian Y, Yang J (2024) Fine tuning large language model for secure code generation. In Proceedings of the 2024 IEEE\/ACM 1st international conference on AI foundation models and software engineering, pp 86\u201390","DOI":"10.1145\/3650105.3652299"},{"key":"10803_CR29","first-page":"1950","volume":"35","author":"H Liu","year":"2022","unstructured":"Liu H, Tam D, Muqeeth M, Mohta J, Huang T, Bansal M, Raffel CA (2022) Few-shot parameter-efficient fine-tuning is better and cheaper than in-context learning. Adv Neural Inf Process Syst 35:1950\u20131965","journal-title":"Adv Neural Inf Process Syst"},{"key":"10803_CR30","unstructured":"Luo Y, Yang Z, Meng F, Li Y, Zhou J, Zhang Y (2023b) An empirical study of catastrophic forgetting in large language models during continual fine-tuning. arXiv preprint arXiv:2308.08747"},{"key":"10803_CR31","unstructured":"Luo Z, Xu C, Zhao P, Sun Q, Geng X, Hu W, Tao C, Ma J, Lin Q, Jiang D (2023a) WizardCoder: Empowering code large language models with Evol-Instruct. arXiv preprint arXiv:2306.08568"},{"key":"10803_CR32","doi-asserted-by":"crossref","unstructured":"Mastropaolo A, Nardone V, Bavota G, Di\u00a0Penta M (2024) How the training procedure impacts the performance of deep learning-based vulnerability patching. In Proceedings of the 28th international conference on evaluation and assessment in software engineering, pp 150\u2013159","DOI":"10.1145\/3661167.3661200"},{"key":"10803_CR33","unstructured":"The MITRE Corporation (MITRE) (2023) 2023 CWE top 25 most dangerous software weaknesses. https:\/\/cwe.mitre.org\/top25\/archive\/2023\/2023_stubborn_weaknesses.html"},{"key":"10803_CR34","unstructured":"Nijkamp E, Hayashi H, Xiong C, Savarese S, Zhou Y (2023a) CodeGen2: Lessons for training LLMs on programming and natural languages, ICLR"},{"key":"10803_CR35","unstructured":"Nijkamp E, Pang B, Hayashi H, Tu L, Wang H, Zhou Y, Savarese S, Xiong C (2023b) CodeGen: An open large language model for code with multi-turn program synthesis, ICLR"},{"key":"10803_CR36","doi-asserted-by":"crossref","unstructured":"Nikitopoulos G, Dritsa K, Louridas P, Mitropoulos D (2021) CrossVul: A cross-language vulnerability dataset with commit data, ESEC\/FSE 2021, Association for Computing Machinery, New York, NY, USA, pp 1565\u20131569. https:\/\/doi.org\/10.1145\/3468264.3473122","DOI":"10.1145\/3468264.3473122"},{"key":"10803_CR37","first-page":"754","volume-title":"Asleep at the keyboard?","author":"H Pearce","year":"2022","unstructured":"Pearce H, Ahmad B, Tan B, Dolan-Gavitt B, Karri R (2022) Asleep at the keyboard? Assessing the security of GitHub Copilot\u2019s code contributions. In S&P, IEEE, pp 754\u2013768"},{"key":"10803_CR38","doi-asserted-by":"crossref","unstructured":"Pearce H, Ahmad B, Tan B, Dolan-Gavitt B, Karri R (2022) Asleep at the keyboard? Assessing the security of GitHub Copilot\u2019s code contributions. In S&P, IEEE, pp 754\u2013768","DOI":"10.1109\/SP46214.2022.9833571"},{"issue":"8","key":"10803_CR39","first-page":"9","volume":"1","author":"A Radford","year":"2019","unstructured":"Radford A, Wu J, Child R, Luan D, Amodei D, Sutskever I et al (2019) Language models are unsupervised multitask learners. 
OpenAI blog 1(8):9","journal-title":"OpenAI blog"},{"key":"10803_CR40","unstructured":"Radford A, Wu J, Child R, Luan D, Amodei D, Sutskever I et\u00a0al (2019) Language models are unsupervised multitask learners. OpenAI blog 1(8):9"},{"key":"10803_CR41","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2021.102417","volume":"110","author":"H Sun","year":"2021","unstructured":"Sun H, Cui L, Li L, Ding Z, Hao Z, Cui J, Liu P (2021) VDSimilar: Vulnerability detection based on code similarity of vulnerabilities and patches. Comput Secur 110:102417","journal-title":"Comput Secur"},{"key":"10803_CR42","doi-asserted-by":"crossref","unstructured":"Sun H, Cui L, Li L, Ding Z, Hao Z, Cui J, Liu P (2021) VDSimilar: Vulnerability detection based on code similarity of vulnerabilities and patches. Comput Secur 110:102417","DOI":"10.1016\/j.cose.2021.102417"},{"key":"10803_CR43","unstructured":"Touvron H, Martin L, Stone K, Albert P, Almahairi A, Babaei Y, Bashlykov N, Batra S, Bhargava P, Bhosale S et\u00a0al (2023) Llama 2: Open foundation and fine-tuned chat models. arXiv preprint arXiv:2307.09288"},{"key":"10803_CR44","doi-asserted-by":"publisher","first-page":"826","DOI":"10.1162\/tacl_a_00577","volume":"11","author":"M Treviso","year":"2023","unstructured":"Treviso M, Lee JU, Ji T, Aken BV, Cao Q, Ciosici MR, Hassid M, Heafield K, Hooker S, Raffel C et al (2023) Efficient methods for natural language processing: A survey. Trans Assoc Comput Linguist 11:826\u2013860","journal-title":"Trans Assoc Comput Linguist"},{"key":"10803_CR45","unstructured":"Wang B, Komatsuzaki A (2021) GPT-J-6B: A 6 billion parameter autoregressive language model. https:\/\/github.com\/kingoflolz\/mesh-transformer-jax"},{"key":"10803_CR46","doi-asserted-by":"crossref","unstructured":"Wang C, Yang Y, Gao C, Peng Y, Zhang H, Lyu MR (2022) No more fine-tuning? An experimental evaluation of prompt tuning in code intelligence. In FSE, pp 382\u2013394","DOI":"10.1145\/3540250.3549113"},{"key":"10803_CR47","unstructured":"Wang J, Cao L, Luo X, Zhou Z, Xie J, Jatowt A, Cai Y (2023) Enhancing large language models for secure code generation: A dataset-driven study on vulnerability mitigation. arXiv preprint arXiv:2310.16263"},{"key":"10803_CR48","doi-asserted-by":"crossref","unstructured":"Wang Y, Wang W, Joty S, Hoi SCH (2021) CodeT5: Identifier-aware unified pre-trained encoder-decoder models for code understanding and generation. arXiv preprint arXiv:2109.00859","DOI":"10.18653\/v1\/2021.emnlp-main.685"},{"key":"10803_CR49","unstructured":"Wei Y, Wang Z, Liu J, Ding Y, Zhang L (2023) Magicoder: Source code is all you need. arXiv preprint arXiv:2312.02120"},{"key":"10803_CR50","unstructured":"Weyssow M, Zhou X, Kim K, Lo D, Sahraoui H (2023) Exploring parameter-efficient fine-tuning techniques for code generation with large language models. arXiv preprint arXiv:2308.10462"},{"key":"10803_CR51","unstructured":"Wu J, Wu Z, Li R, Qin H, Wang G (2024) Effective bug detection in graph database engines: An LLM-based approach. arXiv preprint arXiv:2402.00292"},{"key":"10803_CR52","doi-asserted-by":"publisher","unstructured":"Xu FF, Alon U, Neubig G, Hellendoorn VJ (2022) A systematic evaluation of large language models of code. arXiv https:\/\/doi.org\/10.48550\/ARXIV.2202.13169","DOI":"10.48550\/ARXIV.2202.13169"},{"key":"10803_CR53","unstructured":"Yang S, Chiang WL, Zheng L, Gonzalez JE, Stoica I (2023) Rethinking benchmark and contamination for language models with rephrased samples. 
arXiv preprint arXiv:2311.04850"},{"key":"10803_CR54","doi-asserted-by":"crossref","unstructured":"Zhang B, Du T, Tong J, Zhang X, Chow K, Cheng S, Wang X, Yin J (2024) SecCoder: Towards generalizable and robust secure code generation. arXiv preprint arXiv:2410.01488","DOI":"10.18653\/v1\/2024.emnlp-main.806"},{"key":"10803_CR55","doi-asserted-by":"crossref","unstructured":"Zheng Q, Xia X, Zou X, Dong Y, Wang S, Xue Y, Wang Z, Shen L, Wang A, Li Y et\u00a0al (2023) CodeGeeX: A pre-trained model for code generation with multilingual evaluations on HumanEval-X. arXiv preprint arXiv:2303.17568","DOI":"10.1145\/3580305.3599790"}],"container-title":["Empirical Software Engineering"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10664-026-10803-9.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10664-026-10803-9","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10664-026-10803-9.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,4,30]],"date-time":"2026-04-30T08:01:56Z","timestamp":1777536116000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10664-026-10803-9"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,2,20]]},"references-count":55,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2026,7]]}},"alternative-id":["10803"],"URL":"https:\/\/doi.org\/10.1007\/s10664-026-10803-9","relation":{},"ISSN":["1382-3256","1573-7616"],"issn-type":[{"value":"1382-3256","type":"print"},{"value":"1573-7616","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026,2,20]]},"assertion":[{"value":"20 August 2024","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"7 January 2026","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"20 February 2026","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors have no financial or proprietary interests in any material discussed in this article.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing Interests"}}],"article-number":"81"}}