{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,16]],"date-time":"2026-06-16T11:52:50Z","timestamp":1781610770894,"version":"3.54.5"},"reference-count":93,"publisher":"Springer Science and Business Media LLC","issue":"4","license":[{"start":{"date-parts":[[2026,4,6]],"date-time":"2026-04-06T00:00:00Z","timestamp":1775433600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2026,4,6]],"date-time":"2026-04-06T00:00:00Z","timestamp":1775433600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"funder":[{"DOI":"10.13039\/501100012165","name":"Key Technologies Research and Development Program","doi-asserted-by":"publisher","award":["2024YFB4506300"],"award-info":[{"award-number":["2024YFB4506300"]}],"id":[{"id":"10.13039\/501100012165","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62322208"],"award-info":[{"award-number":["62322208"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001695","name":"Japan Science and Technology Corporation","doi-asserted-by":"crossref","award":["JPMJAP2415"],"award-info":[{"award-number":["JPMJAP2415"]}],"id":[{"id":"10.13039\/501100001695","id-type":"DOI","asserted-by":"crossref"}]},{"DOI":"10.13039\/501100000646","name":"Japan Society for the Promotion of Science London","doi-asserted-by":"publisher","award":["JP25K22845"],"award-info":[{"award-number":["JP25K22845"]}],"id":[{"id":"10.13039\/501100000646","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100000646","name":"Japan Society for the Promotion of Science London","doi-asserted-by":"publisher","award":["JPJSBP120239929"],"award-info":[{"award-number":["JPJSBP120239929"]}],"id":[{"id":"10.13039\/501100000646","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100003844","name":"Inamori Foundation","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100003844","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Empir Software Eng"],"published-print":{"date-parts":[[2026,7]]},"DOI":"10.1007\/s10664-026-10832-4","type":"journal-article","created":{"date-parts":[[2026,4,6]],"date-time":"2026-04-06T12:41:24Z","timestamp":1775479284000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Evaluating large language models for multilingual vulnerability detection at dual granularities"],"prefix":"10.1007","volume":"31","author":[{"given":"Honglin","family":"Shu","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Michael","family":"Fu","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Junji","family":"Yu","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2004-0902","authenticated-orcid":false,"given":"Dong","family":"Wang","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Chakkrit","family":"Tantithamthavorn","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Junjie","family":"Chen","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Yasutaka","family":"Kamei","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","published-online":{"date-parts":[[2026,4,6]]},"reference":[{"issue":"3","key":"10832_CR1","doi-asserted-by":"publisher","first-page":"59","DOI":"10.1007\/s10664-022-10278-4","volume":"28","author":"M Alfadel","year":"2023","unstructured":"Alfadel M, Costa DE, Shihab E (2023) Empirical analysis of security vulnerabilities in python packages. Empir Softw Eng 28(3):59","journal-title":"Empir Softw Eng"},{"key":"10832_CR2","doi-asserted-by":"crossref","unstructured":"Alizadeh N, Belchev B, Saurabh N, Kelbert P, Castor F (2025) Language models in software development tasks: An experimental analysis of energy and accuracy. In: 2025 IEEE\/ACM 22nd International Conference on Mining Software Repositories (MSR), IEEE, pp 725\u2013736","DOI":"10.1109\/MSR66628.2025.00109"},{"key":"10832_CR3","doi-asserted-by":"crossref","unstructured":"Bhandari G, Naseer A, Moonen L (2021) Cvefixes: automated collection of vulnerabilities and their fixes from open-source software. In: Proceedings of the 17th International Conference on Predictive Models and Data Analytics in Software Engineering, pp 30\u201339","DOI":"10.1145\/3475960.3475985"},{"key":"10832_CR4","unstructured":"Bilge L, Dumitras T (2012) An empirical study of zeroday attacks in the real world. CCS\u201912 pp 16\u201318"},{"key":"10832_CR5","unstructured":"Brunsfeld M (2024) tree-sitter\/tree-sitter: v0.23.0. DOI: 10.5281\/zenodo.13375512"},{"key":"10832_CR6","doi-asserted-by":"crossref","unstructured":"Cao S, Sun X, Bo L, Wu R, Li B, Tao C (2022) Mvd: memory-related vulnerability detection based on flow-sensitive graph neural networks. In: Proceedings of the 44th international conference on software engineering, pp 1456\u20131468","DOI":"10.1145\/3510003.3510219"},{"issue":"9","key":"10832_CR7","doi-asserted-by":"publisher","first-page":"3280","DOI":"10.1109\/TSE.2021.3087402","volume":"48","author":"S Chakraborty","year":"2021","unstructured":"Chakraborty S, Krishna R, Ding Y, Ray B (2021) Deep learning based vulnerability detection: Are we there yet? IEEE Trans Software Eng 48(9):3280\u20133296","journal-title":"IEEE Trans Software Eng"},{"issue":"6","key":"10832_CR8","doi-asserted-by":"publisher","first-page":"476","DOI":"10.1109\/32.295895","volume":"20","author":"SR Chidamber","year":"1994","unstructured":"Chidamber SR, Kemerer CF (1994) A metrics suite for object oriented design. IEEE Trans Software Eng 20(6):476\u2013493","journal-title":"IEEE Trans Software Eng"},{"key":"10832_CR9","unstructured":"Cloud A (2024) Qwq model documentation. https:\/\/www.alibabacloud.com\/help\/en\/model-studio\/user-guide\/qwq, accessed: March 29, 2025"},{"key":"10832_CR10","unstructured":"CVE (2024) https:\/\/www.cve.org\/About\/Overview"},{"key":"10832_CR11","unstructured":"CWE (2024) https:\/\/cwe.mitre.org\/about\/index.html"},{"key":"10832_CR12","doi-asserted-by":"crossref","unstructured":"Devlin J, Chang MW, Lee K, Toutanova K (2019) Bert: Pre-training of deep bidirectional transformers for language understanding. In: Proceedings of the 2019 conference of the North American chapter of the association for computational linguistics: human language technologies, volume 1 (long and short papers), pp 4171\u20134186","DOI":"10.18653\/v1\/N19-1423"},{"key":"10832_CR13","doi-asserted-by":"crossref","unstructured":"Ding Y, Fu Y, Ibrahim O, Sitawarin C, Chen X, Alomair B, Wagner D, Ray B, Chen Y (2024a) Vulnerability detection with code language models: How far are we? arXiv preprint arXiv:2403.18624","DOI":"10.1109\/ICSE55347.2025.00038"},{"key":"10832_CR14","doi-asserted-by":"crossref","unstructured":"Ding Y, Steenhoek B, Pei K, Kaiser G, Le W, Ray B (2024b) Traced: Execution-aware pre-training for source code. In: Proceedings of the 46th IEEE\/ACM International Conference on Software Engineering, pp 1\u201312","DOI":"10.1145\/3597503.3608140"},{"key":"10832_CR15","unstructured":"Du X, Zheng G, Wang K, Feng J, Deng W, Liu M, Chen B, Peng X, Ma T, Lou Y (2024) Vul-rag: Enhancing llm-based vulnerability detection via knowledge-level rag. arXiv preprint arXiv:2406.11147"},{"key":"10832_CR16","unstructured":"Dubey A, Jauhri A, Pandey A, Kadian A, Al-Dahle A, Letman A, Mathur A, Schelten A, Yang A, Fan A, et al. (2024) The llama 3 herd of models. arXiv preprint arXiv:2407.21783"},{"key":"10832_CR17","doi-asserted-by":"crossref","unstructured":"Fan J, Li Y, Wang S, Nguyen TN (2020) Ac\/c++ code vulnerability dataset with code changes and cve summaries. In: Proceedings of the 17th International Conference on Mining Software Repositories, pp 508\u2013512","DOI":"10.1145\/3379597.3387501"},{"key":"10832_CR18","doi-asserted-by":"crossref","unstructured":"Feng Z, Guo D, Tang D, Duan N, Feng X, Gong M, Shou L, Qin B, Liu T, Jiang D, et al. (2020) Codebert: A pre-trained model for programming and natural languages. arXiv preprint arXiv:2002.08155","DOI":"10.18653\/v1\/2020.findings-emnlp.139"},{"key":"10832_CR19","doi-asserted-by":"crossref","unstructured":"Fu M, Tantithamthavorn C (2022) Linevul: A transformer-based line-level vulnerability prediction. In: Proceedings of the 19th International Conference on Mining Software Repositories, pp 608\u2013620","DOI":"10.1145\/3524842.3528452"},{"key":"10832_CR20","doi-asserted-by":"crossref","unstructured":"Fu M, Tantithamthavorn C, Nguyen V, Le T (2023a) Chatgpt for vulnerability detection, classification, and repair: How far are we? In: 2023 30th Asia-Pacific Software Engineering Conference (APSEC), IEEE Computer Society, Los Alamitos, CA, USA, pp 632\u2013636, doi: 10.1109\/APSEC60848.2023.00085, https:\/\/doi.ieeecomputersociety.org\/10.1109\/APSEC60848.2023.00085","DOI":"10.1109\/APSEC60848.2023.00085"},{"key":"10832_CR21","doi-asserted-by":"crossref","unstructured":"Fu M, Tantithamthavorn CK, Nguyen V, Le T (2023b) Chatgpt for vulnerability detection, classification, and repair: How far are we? In: 2023 30th Asia-Pacific Software Engineering Conference (APSEC), IEEE, pp 632\u2013636","DOI":"10.1109\/APSEC60848.2023.00085"},{"key":"10832_CR22","doi-asserted-by":"crossref","unstructured":"Gao S, Wen XC, Gao C, Wang W, Zhang H, Lyu MR (2023) What makes good in-context demonstrations for code intelligence tasks with llms? In: 2023 38th IEEE\/ACM International Conference on Automated Software Engineering (ASE), IEEE, pp 761\u2013773","DOI":"10.1109\/ASE56229.2023.00109"},{"key":"10832_CR23","doi-asserted-by":"crossref","unstructured":"Gobbi MF, Kinder J (2023) Poster: Using codeql to detect malware in npm. In: Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, Association for Computing Machinery, New York, NY, USA, CCS \u201923, p 3519\u20133521, doi: 10.1145\/3576915.3624401, https:\/\/doi.org\/10.1145\/3576915.3624401","DOI":"10.1145\/3576915.3624401"},{"key":"10832_CR24","doi-asserted-by":"crossref","unstructured":"Grieco G, Grinblat GL, Uzal L, Rawat S, Feist J, Mounier L (2016) Toward large-scale vulnerability discovery using machine learning. In: Proceedings of the sixth ACM conference on data and application security and privacy, pp 85\u201396","DOI":"10.1145\/2857705.2857720"},{"key":"10832_CR25","doi-asserted-by":"crossref","unstructured":"Guo D, Lu S, Duan N, Wang Y, Zhou M, Yin J (2022) Unixcoder: Unified cross-modal pre-training for code representation. arXiv preprint arXiv:2203.03850","DOI":"10.18653\/v1\/2022.acl-long.499"},{"key":"10832_CR26","unstructured":"Guo D, Zhu Q, Yang D, Xie Z, Dong K, Zhang W, Chen G, Bi X, Wu Y, Li Y, et al. (2024) Deepseek-coder: When the large language model meets programming-the rise of code intelligence. arXiv preprint arXiv:2401.14196"},{"key":"10832_CR27","unstructured":"Guo D, Yang D, Zhang H, Song J, Zhang R, Xu R, Zhu Q, Ma S, Wang P, Bi X, et al. (2025) Deepseek-r1: Incentivizing reasoning capability in llms via reinforcement learning. arXiv preprint arXiv:2501.12948"},{"key":"10832_CR28","unstructured":"Halstead MH (1977) Elements of Software Science (Operating and programming systems series). Elsevier Science Inc"},{"key":"10832_CR29","doi-asserted-by":"crossref","unstructured":"Hanif H, Maffeis S (2022) Vulberta: Simplified source code pre-training for vulnerability detection. In: 2022 International joint conference on neural networks (IJCNN), IEEE, pp 1\u20138","DOI":"10.1109\/IJCNN55064.2022.9892280"},{"issue":"3","key":"10832_CR30","doi-asserted-by":"publisher","first-page":"63","DOI":"10.1145\/947825.947829","volume":"16","author":"WA Harrison","year":"1981","unstructured":"Harrison WA, Magel KI (1981) A complexity measure based on nesting level. ACM Sigplan Notices 16(3):63\u201374","journal-title":"ACM Sigplan Notices"},{"key":"10832_CR31","doi-asserted-by":"crossref","unstructured":"Hin D, Kan A, Chen H, Babar MA (2022) Linevd: Statement-level vulnerability detection using graph neural networks. In: Proceedings of the 19th international conference on mining software repositories, pp 596\u2013607","DOI":"10.1145\/3524842.3527949"},{"key":"10832_CR32","unstructured":"Homepage (2024) https:\/\/docs.python.org\/3\/library\/difflib.html"},{"key":"10832_CR33","doi-asserted-by":"crossref","unstructured":"Hou X, Zhao Y, Liu Y, Yang Z, Wang K, Li L, Luo X, Lo D, Grundy J, Wang H (2023) Large language models for software engineering: A systematic literature review. ACM Transactions on Software Engineering and Methodology","DOI":"10.1145\/3695988"},{"key":"10832_CR34","unstructured":"Hu EJ, Shen Y, Wallis P, Allen-Zhu Z, Li Y, Wang S, Wang L, Chen W (2021) Lora: Low-rank adaptation of large language models. arXiv preprint arXiv:2106.09685"},{"key":"10832_CR35","doi-asserted-by":"crossref","unstructured":"Hu J, Zhang L, Liu C, Yang S, Huang S, Liu Y (2024) Empirical analysis of vulnerabilities life cycle in golang ecosystem. In: Proceedings of the IEEE\/ACM 46th International Conference on Software Engineering, pp 1\u201313","DOI":"10.1145\/3597503.3639230"},{"key":"10832_CR36","unstructured":"Jia P, Liu C, Sun H, Sun C, Gu M, Liu Y, Zhang Y (2022) Cargo ecosystem dependency-vulnerability knowledge graph construction and vulnerability propagation study. arXiv preprint arXiv:2210.07482"},{"key":"10832_CR37","unstructured":"Kim T, Kim CH, Rhee J, Fei F, Tu Z, Walkup G, Zhang X, Deng X, Xu D (2019) $$\\{\\text{RVFuzzer}\\}$$: Finding input validation bugs in robotic vehicles through $$\\{\\text{ Control-Guided }\\}$$ testing. In: 28th USENIX Security Symposium (USENIX Security 19), pp 425\u2013442"},{"key":"10832_CR38","unstructured":"Kojima T, Gu SS, Reid M, Matsuo Y, Iwasawa Y (2022) Large language models are zero-shot reasoners. Advances in neural information processing systems 35:22,199\u201322,213"},{"key":"10832_CR39","unstructured":"Kshirsagar M (2025) Lifespan of AI chips: The $300 billion question. Center for Information Technology Policy (CITP) Blog, Princeton University, https:\/\/blog.citp.princeton.edu\/2025\/10\/15\/lifespan-of-ai-chips-the-300-billion-question\/, accessed: January 2026"},{"key":"10832_CR40","doi-asserted-by":"crossref","unstructured":"Li W, Li L, Cai H (2022) On the vulnerability proneness of multilingual code. In: Proceedings of the 30th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering, pp 847\u2013859","DOI":"10.1145\/3540250.3549173"},{"issue":"4","key":"10832_CR41","doi-asserted-by":"publisher","first-page":"2821","DOI":"10.1109\/TDSC.2021.3076142","volume":"19","author":"Z Li","year":"2021","unstructured":"Li Z, Zou D, Xu S, Chen Z, Zhu Y, Jin H (2021) Vuldeelocator: a deep learning-based fine-grained vulnerability detector. IEEE Trans Dependable Secure Comput 19(4):2821\u20132837","journal-title":"IEEE Trans Dependable Secure Comput"},{"issue":"4","key":"10832_CR42","doi-asserted-by":"publisher","first-page":"2244","DOI":"10.1109\/TDSC.2021.3051525","volume":"19","author":"Z Li","year":"2021","unstructured":"Li Z, Zou D, Xu S, Jin H, Zhu Y, Chen Z (2021) Sysevr: A framework for using deep learning to detect software vulnerabilities. IEEE Trans Dependable Secure Comput 19(4):2244\u20132258","journal-title":"IEEE Trans Dependable Secure Comput"},{"key":"10832_CR43","unstructured":"Liu Y, Ott M, Goyal N, Du J, Joshi M, Chen D, Levy O, Lewis M, Zettlemoyer L, Stoyanov V (2019) Roberta: A robustly optimized bert pretraining approach. arXiv preprint arXiv:1907.11692"},{"key":"10832_CR44","doi-asserted-by":"crossref","unstructured":"Liu Z, Tang Z, Zhang J, Xia X, Yang X (2024) Pre-training by predicting program dependencies for vulnerability analysis tasks. In: Proceedings of the IEEE\/ACM 46th International Conference on Software Engineering, pp 1\u201313","DOI":"10.1145\/3597503.3639142"},{"issue":"112","key":"10832_CR45","first-page":"031","volume":"212","author":"G Lu","year":"2024","unstructured":"Lu G, Ju X, Chen X, Pei W, Cai Z (2024) Grace: Empowering llm-based software vulnerability detection with graph structure and in-context learning. J Syst Softw 212(112):031","journal-title":"J Syst Softw"},{"key":"10832_CR46","unstructured":"Luttwak A, Schindel A (2021) Log4Shell 10 days later: Enterprises halfway through patching. https:\/\/www.wiz.io\/blog\/10-days-later-enterprises-halfway-through-patching-log4shell, accessed: 2025\u201304-27"},{"key":"10832_CR47","doi-asserted-by":"publisher","first-page":"308","DOI":"10.1109\/TSE.1976.233837","volume":"4","author":"TJ McCabe","year":"1976","unstructured":"McCabe TJ (1976) A complexity measure. IEEE Trans Software Eng 4:308\u2013320","journal-title":"IEEE Trans Software Eng"},{"key":"10832_CR48","doi-asserted-by":"crossref","unstructured":"Mir AM, Keshani M, Proksch S (2023) On the effect of transitivity and granularity on vulnerability propagation in the maven ecosystem. 2023 IEEE International Conference on Software Analysis. Evolution and Reengineering (SANER), IEEE, pp 201\u2013211","DOI":"10.1109\/SANER56733.2023.00028"},{"key":"10832_CR49","doi-asserted-by":"crossref","unstructured":"Nguyen VA, Nguyen DQ, Nguyen V, Le T, Tran QH, Phung D (2022) Regvd: Revisiting graph neural networks for vulnerability detection. In: Proceedings of the ACM\/IEEE 44th International Conference on Software Engineering: Companion Proceedings, pp 178\u2013182","DOI":"10.1145\/3510454.3516865"},{"key":"10832_CR50","doi-asserted-by":"crossref","unstructured":"Ni C, Yin X, Yang K, Zhao D, Xing Z, Xia X (2023) Distinguishing look-alike innocent and vulnerable code by subtle semantic representation learning and explanation. In: Proceedings of the 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering, pp 1611\u20131622","DOI":"10.1145\/3611643.3616358"},{"key":"10832_CR51","unstructured":"OpenAI (2022) Chatgpt: Optimizing language models for dialogue. https:\/\/openai.com\/blog\/chatgpt"},{"key":"10832_CR52","unstructured":"OpenAI (2024a) https:\/\/openai.com\/"},{"key":"10832_CR53","unstructured":"OpenAI (2024b) Gpt-4o: A flagship model by openai. https:\/\/openai.com\/index\/gpt-4o-and-more-tools-to-chatgpt-free, accessed: 2024\u201310-19"},{"key":"10832_CR54","unstructured":"OpenAI (2024c) New generation of embedding model. https:\/\/openai.com\/blog\/new-embedding-models-and-api-updates"},{"key":"10832_CR55","unstructured":"Ouyang L, Wu J, Jiang X, Almeida D, Wainwright C, Mishkin P, Zhang C, Agarwal S, Slama K, Ray A, et al. (2022) Training language models to follow instructions with human feedback. Advances in neural information processing systems 35:27,730\u201327,744"},{"key":"10832_CR56","doi-asserted-by":"crossref","unstructured":"Peitek N, Apel S, Parnin C, Brechmann A, Siegmund J (2021) Program comprehension and code complexity metrics: An fmri study. IEEE Press, ICSE \u201921, p 524\u2013536, https:\/\/doi.org\/10.1109\/ICSE43902.2021.00056 DOI: 10.1109\/ICSE43902.2021.00056","DOI":"10.1109\/ICSE43902.2021.00056"},{"issue":"107","key":"10832_CR57","first-page":"523","volume":"175","author":"C Pornprasit","year":"2024","unstructured":"Pornprasit C, Tantithamthavorn C (2024) Fine-tuning and prompt engineering for large language models-based code review automation. Inf Softw Technol 175(107):523","journal-title":"Inf Softw Technol"},{"key":"10832_CR58","doi-asserted-by":"crossref","unstructured":"Robertson S, Zaragoza H, et al. (2009) The probabilistic relevance framework: Bm25 and beyond. Foundations and Trends\u00ae in Information Retrieval 3(4), 333\u2013389","DOI":"10.1561\/1500000019"},{"key":"10832_CR59","unstructured":"Roziere B, Gehring J, Gloeckle F, Sootla S, Gat I, Tan XE, Adi Y, Liu J, Remez T, Rapin J, et al. (2023) Code llama: Open foundation models for code. arXiv preprint arXiv:2308.12950"},{"key":"10832_CR60","doi-asserted-by":"crossref","unstructured":"Russell R, Kim L, Hamilton L, Lazovich T, Harer J, Ozdemir O, Ellingwood P, McConley M (2018) Automated vulnerability detection in source code using deep representation learning. In: 2018 17th IEEE international conference on machine learning and applications (ICMLA), IEEE, pp 757\u2013762","DOI":"10.1109\/ICMLA.2018.00120"},{"issue":"10","key":"10832_CR61","doi-asserted-by":"publisher","first-page":"993","DOI":"10.1109\/TSE.2014.2340398","volume":"40","author":"R Scandariato","year":"2014","unstructured":"Scandariato R, Walden J, Hovsepyan A, Joosen W (2014) Predicting vulnerable software components via text mining. IEEE Trans Software Eng 40(10):993\u20131006","journal-title":"IEEE Trans Software Eng"},{"key":"10832_CR62","unstructured":"Shu H (2025) Replication package. https:\/\/github.com\/SpanShu96\/Large-Language-Model-for-Multilingual-Vulnerability-Detection\/tree\/main"},{"key":"10832_CR63","doi-asserted-by":"crossref","unstructured":"Steenhoek B, Rahman MM, Jiles R, Le W (2023) An empirical study of deep learning models for vulnerability detection. In: 2023 IEEE\/ACM 45th International Conference on Software Engineering (ICSE), IEEE, pp 2237\u20132248","DOI":"10.1109\/ICSE48619.2023.00188"},{"key":"10832_CR64","doi-asserted-by":"crossref","unstructured":"Steenhoek B, Gao H, Le W (2024a) Dataflow analysis-inspired deep learning for efficient vulnerability detection. In: Proceedings of the 46th ieee\/acm international conference on software engineering, pp 1\u201313","DOI":"10.1145\/3597503.3623345"},{"key":"10832_CR65","unstructured":"Steenhoek B, Rahman MM, Roy MK, Alam MS, Tong H, Das S, Barr ET, Le W (2024b) To err is machine: Vulnerability detection challenges llm reasoning. arXiv preprint arXiv:2403.17218"},{"key":"10832_CR66","unstructured":"Stojkovic J, Zhang C, Goiri \u00cd, Bianchini R (2025) Rearchitecting datacenter lifecycle for ai: A tco-driven framework. arXiv preprint arXiv:2509.26534"},{"key":"10832_CR67","doi-asserted-by":"crossref","unstructured":"Tian Z, Shu H, Wang D, Cao X, Kamei Y, Chen J (2024) Large language models for equivalent mutant detection: How far are we? arXiv preprint arXiv:2408.01760","DOI":"10.1145\/3650212.3680395"},{"key":"10832_CR68","unstructured":"Treude C, Kula RG (2025) Interacting with ai reasoning models: Harnessing\" thoughts\" for ai-driven software engineering. arXiv preprint arXiv:2503.00483"},{"key":"10832_CR69","unstructured":"Uddin MN, Zhang Y, Hei X (2025) Deep learning aided software vulnerability detection: A survey. arXiv preprint arXiv:2503.04002"},{"key":"10832_CR70","unstructured":"US Energy Information Administration (2025) Short-term energy outlook (steo). Tech. rep., U.S. Department of Energy, https:\/\/www.eia.gov\/outlooks\/steo\/, projections for 2026 Electricity and Natural Gas Markets"},{"key":"10832_CR71","doi-asserted-by":"crossref","unstructured":"Wang C, Li Z, Pena Y, Gao S, Chen S, Wang S, Gao C, Lyu MR (2023a) Reef: A framework for collecting real-world vulnerabilities and fixes. In: 2023 38th IEEE\/ACM International Conference on Automated Software Engineering (ASE), IEEE, pp 1952\u20131962","DOI":"10.1109\/ASE56229.2023.00199"},{"key":"10832_CR72","doi-asserted-by":"crossref","unstructured":"Wang Y, Wang W, Joty S, Hoi SC (2021) Codet 5: Identifier-aware unified pre-trained encoder-decoder models for code understanding and generation. arXiv preprint arXiv:2109.00859","DOI":"10.18653\/v1\/2021.emnlp-main.685"},{"key":"10832_CR73","doi-asserted-by":"crossref","unstructured":"Wang Y, Le H, Gotmare AD, Bui ND, Li J, Hoi SC (2023b) Codet5+: Open code large language models for code understanding and generation. arXiv preprint arXiv:2305.07922","DOI":"10.18653\/v1\/2023.emnlp-main.68"},{"key":"10832_CR74","unstructured":"Weissberg F, Pirch L, Imgrund E, M\u00f6ller J, Eisenhofer T, Rieck K (2025) Llm-based vulnerability discovery through the lens of code metrics. arXiv preprint arXiv:2509.19117"},{"key":"10832_CR75","unstructured":"WhiteSource (2022) Mend bolt. https:\/\/www.mend.io\/free-developer-tools\/bolt"},{"key":"10832_CR76","doi-asserted-by":"crossref","unstructured":"Wolf T, Debut L, Sanh V, Chaumond J, Delangue C, Moi A, Cistac P, Rault T, Louf R, Funtowicz M, et al. (2019) Huggingface\u2019s transformers: State-of-the-art natural language processing. arXiv preprint arXiv:1910.03771","DOI":"10.18653\/v1\/2020.emnlp-demos.6"},{"issue":"2","key":"10832_CR77","doi-asserted-by":"publisher","first-page":"850","DOI":"10.1109\/TR.2022.3161581","volume":"71","author":"J Xu","year":"2022","unstructured":"Xu J, Ai J, Liu J, Shi T (2022) Acgdp: An augmented code graph-based system for software defect prediction. IEEE Trans Reliab 71(2):850\u2013864","journal-title":"IEEE Trans Reliab"},{"key":"10832_CR78","unstructured":"Yang AZ, Tian H, Ye H, Martins R, Goues CL (2024a) Security vulnerability detection with multitask self-instructed fine-tuning of large language models. arXiv preprint arXiv:2406.05892"},{"key":"10832_CR79","doi-asserted-by":"crossref","unstructured":"Yang J, Jimenez CE, Wettig A, Lieret K, Yao S, Narasimhan K, Press O (2024b) Swe-agent: Agent-computer interfaces enable automated software engineering. Advances in Neural Information Processing Systems 37:50,528\u201350,652","DOI":"10.52202\/079017-1601"},{"key":"10832_CR80","unstructured":"Yin X (2024) Pros and cons! evaluating chatgpt on software vulnerability. arXiv preprint arXiv:2404.03994"},{"key":"10832_CR81","doi-asserted-by":"crossref","unstructured":"Yin X, Ni C, Wang S (2024) Multitask-based evaluation of open-source llm on software vulnerability. IEEE Transactions on Software Engineering","DOI":"10.1109\/TSE.2024.3470333"},{"key":"10832_CR82","doi-asserted-by":"crossref","unstructured":"Yu B, Zhu Y, He P, Kang D (2025a) Utboost: Rigorous evaluation of coding agents on swe-bench. arXiv preprint arXiv:2506.09289","DOI":"10.18653\/v1\/2025.acl-long.189"},{"key":"10832_CR83","doi-asserted-by":"crossref","unstructured":"Yu J, Shu H, Fu M, Wang D, Tantithamthavorn C, Kamei Y, Chen J (2025b) A preliminary study of large language models for multilingual vulnerability detection. arXiv 2505.07376","DOI":"10.1145\/3713081.3731746"},{"key":"10832_CR84","unstructured":"Yuan Z, Liu J, Zi Q, Liu M, Peng X, Lou Y (2023) Evaluating instruction-tuned large language models on code comprehension and generation. arXiv preprint arXiv:2308.01240"},{"issue":"5","key":"10832_CR85","doi-asserted-by":"publisher","first-page":"107","DOI":"10.1007\/s10664-022-10154-1","volume":"27","author":"A Zerouali","year":"2022","unstructured":"Zerouali A, Mens T, Decan A, De Roover C (2022) On the impact of security vulnerabilities in the npm and rubygems dependency networks. Empir Softw Eng 27(5):107","journal-title":"Empir Softw Eng"},{"issue":"8","key":"10832_CR86","doi-asserted-by":"publisher","first-page":"4196","DOI":"10.1109\/TSE.2023.3286586","volume":"49","author":"J Zhang","year":"2023","unstructured":"Zhang J, Liu Z, Hu X, Xia X, Li S (2023) Vulnerability detection by learning from syntax-based execution paths of code. IEEE Trans Software Eng 49(8):4196\u20134212","journal-title":"IEEE Trans Software Eng"},{"key":"10832_CR87","doi-asserted-by":"crossref","unstructured":"Zhang Q, Fang C, Yu B, Sun W, Zhang T, Chen Z (2023b) Pre-trained model-based automated software vulnerability repair: How far are we? IEEE Transactions on Dependable and Secure Computing","DOI":"10.1109\/TDSC.2023.3308897"},{"key":"10832_CR88","doi-asserted-by":"crossref","unstructured":"Zhong R, Li Y, Yu G, Gu W, Kuang J, Huo Y, Lyu MR (2025) Larger is not always better: Exploring small open-source language models in logging statement generation. ACM Transactions on Software Engineering and Methodology","DOI":"10.1145\/3773287"},{"key":"10832_CR89","doi-asserted-by":"crossref","unstructured":"Zhou X, Cao S, Sun X, Lo D (2024a) Large language model for vulnerability detection and repair: Literature review and the road ahead. ACM Transactions on Software Engineering and Methodology","DOI":"10.1145\/3708522"},{"key":"10832_CR90","doi-asserted-by":"crossref","unstructured":"Zhou X, Kim K, Xu B, Han D, Lo D (2024b) Out of sight, out of mind: Better automatic vulnerability repair by broadening input ranges and sources. In: Proceedings of the IEEE\/ACM 46th International Conference on Software Engineering, pp 1\u201313","DOI":"10.1145\/3597503.3639222"},{"key":"10832_CR91","doi-asserted-by":"crossref","unstructured":"Zhou X, Zhang T, Lo D (2024c) Large language model for vulnerability detection: Emerging results and future directions. In: Proceedings of the 2024 ACM\/IEEE 44th International Conference on Software Engineering: New Ideas and Emerging Results, pp 47\u201351","DOI":"10.1145\/3639476.3639762"},{"key":"10832_CR92","unstructured":"Zhou Y, Liu S, Siow J, Du X, Liu Y (2019) Devign: Effective vulnerability identification by learning comprehensive program semantics via graph neural networks. Advances in neural information processing systems 32"},{"issue":"5","key":"10832_CR93","doi-asserted-by":"publisher","first-page":"2224","DOI":"10.1109\/TDSC.2019.2942930","volume":"18","author":"D Zou","year":"2021","unstructured":"Zou D, Wang S, Xu S, Li Z, Jin H (2021) $$\\mu $$vuldeepecker: A deep learning-based system for multiclass vulnerability detection. IEEE Trans Dependable Secure Comput 18(5):2224\u20132236. https:\/\/doi.org\/10.1109\/TDSC.2019.2942930","journal-title":"IEEE Trans Dependable Secure Comput"}],"container-title":["Empirical Software Engineering"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10664-026-10832-4.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10664-026-10832-4","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10664-026-10832-4.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,6,16]],"date-time":"2026-06-16T11:09:26Z","timestamp":1781608166000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10664-026-10832-4"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,4,6]]},"references-count":93,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2026,7]]}},"alternative-id":["10832"],"URL":"https:\/\/doi.org\/10.1007\/s10664-026-10832-4","relation":{},"ISSN":["1382-3256","1573-7616"],"issn-type":[{"value":"1382-3256","type":"print"},{"value":"1573-7616","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026,4,6]]},"assertion":[{"value":"20 August 2025","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"16 February 2026","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"6 April 2026","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"Not applicable.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Ethical Approval"}},{"value":"Not applicable.","order":3,"name":"Ethics","group":{"name":"EthicsHeading","label":"Informed Consent"}},{"value":"The authors of this article declared that they have no conflict of interest.","order":4,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflicts of Interest"}}],"article-number":"110"}}